TRENDING:

Healthcare Cybersecurity Drills Slated

2 Mock Cyber-Attack Exercises Planned Marianne Kolbasuk McGee (HealthInfoSec) • January 13, 2014    
Healthcare Cybersecurity Drills Slated

The healthcare industry plans to test its cybersecurity preparedness and attack response coordination through two mock cyber-attack exercises this year.

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

The exercises, dubbed CyberRX, will involve the U.S. Department of Health and Human Services and several large companies in various healthcare sectors. The Health Information Trust Alliance will coordinate the drills.

HITRUST is best known for establishing the Common Security Framework, which can be used by any organization that creates, accesses, stores or exchanges personal health and financial information.

The first simulated cyber-attack is slated for a two-day period in March. Twelve organizations, including those in the pharmaceutical, insurance and provider sectors, are expected to participate, according to HITRUST. In addition to HHS, participants revealed so far include Children's Medical Center Dallas, CVS Caremark, Express Scripts, Health Care Service Corp, Highmark, Humana, UnitedHealth Group and WellPoint.

HITRUST is recruiting participants for the second CyberRX exercise, which is slated for the summer.

Details on the Drills

The exercises will simulate both broad and segment-specific attack scenarios "targeting information systems, medical devices and other essential technology resources of the healthcare industry," HITRUST reports. "CyberRX findings will be analyzed and used to identify areas for improvement in the coordination of the HITRUST Cyber Threat Intelligence and Incident Coordination Center; with security and incident response programs; and in information sharing between healthcare organizations, HITRUST and government agencies."

The coordination center provides cyberthreat warning and threat intelligence services to help healthcare organizations prioritize their cybersecurity efforts and raise security awareness by informing them of general and sector-specific threats.

The findings of the first drill will be summarized in a report distributed to the industry and presented at the HITRUST 2014 Conference in April.

"Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyber-attacks," says Kevin Charest, chief information security officer at HHS.

Other Goals

Other objectives of the exercise include:

  • Developing a better understanding of the healthcare industry's cyberthreat response readiness;
  • Testing the coordination with HHS relating to cyberthreats and the healthcare industry response;
  • Documenting threat and attack scenarios of value for future exercises involving additional healthcare industry organizations and in support of industry preparedness.

CyberRX grew out of a Cyber Threat Preparedness Summit in December 2013, which HITRUST and HHS conducted.

Previous
Addressing the Culture of Surveillance
Next
Retail Breaches: Who's Next?

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act
Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
HIPAA Considerations for AI Tool Use in Healthcare Research
HIPAA Considerations for AI Tool Use in Healthcare Research
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Why Health Entities Need to Implement NIST Cyber Framework
Why Health Entities Need to Implement NIST Cyber Framework
Why Aren't 3rd Parties More Transparent About Breaches?
Why Aren't 3rd Parties More Transparent About Breaches?
Efficient Management of Enterprisewide Data Protection
Efficient Management of Enterprisewide Data Protection
Why Legacy Medical Systems Are a Growing Concern
Why Legacy Medical Systems Are a Growing Concern

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.