{"id":215467,"date":"2026-02-19T13:17:00","date_gmt":"2026-02-19T18:17:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/19\/hhs-burrows-into-identifying-risks-to-health-sector-from-third-party-vendors\/"},"modified":"2026-02-19T19:05:19","modified_gmt":"2026-02-20T00:05:19","slug":"hhs-burrows-into-identifying-risks-to-health-sector-from-third-party-vendors","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/19\/hhs-burrows-into-identifying-risks-to-health-sector-from-third-party-vendors\/","title":{"rendered":"HHS burrows into identifying risks to health sector from third-party vendors"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/hhs-burrows-into-identifying-risks-to-health-sector-from-third-party-vendors\/\">HHS burrows into identifying risks to health sector from third-party vendors<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/hhs-burrows-into-identifying-risks-to-health-sector-from-third-party-vendors\/\">https:\/\/cyberscoop.com\/hhs-burrows-into-identifying-risks-to-health-sector-from-third-party-vendors\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-19 13:17:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>A Department of Health and Human Services official said Thursday that HHS is devoting a lot of attention to the security of third-party service providers after the 2024 Change Healthcare cyberattack.<\/p>\n<p>That attack, which is widely regarded as the biggest ever in the sector \u2014 including by HHS\u2019s Charlee Hess, who spoke Thursday at CyberTalks presented by CyberScoop \u2014 began with hackers exploiting the lack of multifactor authentication set up on a remote access portal at Change Healthcare.<\/p>\n<p>\u201cIt wasn\u2019t a hospital, it was a company most people have never heard of and had major impacts on our sector and threatened the liquidity of our entire health care system,\u201d said Hess, director of the healthcare and public health sector cybersecurity at the Administration for Strategy Preparedness and Response division. \u201cWe recovered from that, but we realized there are third-party risks lurking in our health care system, and we don\u2019t even know they\u2019re there. Where are those entities or systems that will have an outsized impact on our sector?\u201d<\/p>\n<p>That realization arose from meetings between HHS and industry, she said. The focus on third-party service provider risk came next.<\/p>\n<p>\u201cWe are going through and working through a methodology to identify that, and we\u2019ve been working with industry on doing that, really finding where those places are,\u201d Hess said.<\/p>\n<p>The Change Healthcare breach, which exposed the data of 190 million people, has triggered other government responses, too, including on Capitol Hill.<\/p>\n<p>It also prompted UnitedHealth Group, the parent company of Change Healthcare to \u201cstart over\u201d on its use of computer systems. But industry has also bristled at the notion of mandatory cybersecurity requirements on hospitals \u2014 in part because, they note, the Change Healthcare attack wasn\u2019t their fault.<\/p>\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p>\t\t\tTim Starks is senior reporter at CyberScoop. His previous&#8230;<br \/>\n<br \/><a href=\"https:\/\/cyberscoop.com\/hhs-burrows-into-identifying-risks-to-health-sector-from-third-party-vendors\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>HHS burrows into identifying risks to health sector from third-party vendors https:\/\/cyberscoop.com\/hhs-burrows-into-identifying-risks-to-health-sector-from-third-party-vendors\/ Publish Date: 2026-02-19&#8230;<\/p>\n","protected":false},"author":1,"featured_media":215468,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2022\/06\/GettyImages-1235108342.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24],"class_list":["post-215467","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215467"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215467"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215467\/revisions"}],"predecessor-version":[{"id":215469,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215467\/revisions\/215469"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215468"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}