Healthcare Cybersecurity Drills Slated
2 Mock Cyber-Attack Exercises Planned
The healthcare industry plans to test its cybersecurity preparedness and attack response coordination through two mock cyber-attack exercises this year.
The exercises, dubbed CyberRX, will involve the U.S. Department of Health and Human Services and several large companies in various healthcare sectors. The Health Information Trust Alliance (HITRUST) will coordinate the drills.
HITRUST is best known for establishing the Common Security Framework, which can be used by any organization that creates, accesses, stores or exchanges personal health and financial information.
The first simulated cyber-attack is slated for a two-day period in March. Twelve organizations, including those in the pharmaceutical, insurance and provider sectors, are expected to participate, according to HITRUST. In addition to HHS, participants revealed so far include Children's Medical Center Dallas, CVS Caremark, Express Scripts, Health Care Service Corp, Highmark, Humana, UnitedHealth Group and WellPoint.
HITRUST is recruiting participants for the second CyberRX exercise, which is slated for the summer.
Details on the Drills
The exercises will simulate both broad and segment-specific attack scenarios "targeting information systems, medical devices and other essential technology resources of the healthcare industry," HITRUST reports. "CyberRX findings will be analyzed and used to identify areas for improvement in the coordination of the HITRUST Cyber Threat Intelligence and Incident Coordination Center; with security and incident response programs; and in information sharing between healthcare organizations, HITRUST and government agencies."
The coordination center provides cyberthreat warning and threat intelligence services to help healthcare organizations prioritize their cybersecurity efforts and raise security awareness by informing them of general and sector-specific threats.
The findings of the first drill will be summarized in a report distributed to the industry and presented at the HITRUST 2014 Conference in April.
"Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyber-attacks," says Kevin Charest, chief information security officer at HHS.
Other objectives of the exercise include:
- Developing a better understanding of the healthcare industry's cyberthreat response readiness;
- Testing the coordination with HHS relating to cyberthreats and the healthcare industry response;
- Documenting threat and attack scenarios of value for future exercises involving additional healthcare industry organizations and in support of industry preparedness.
CyberRX grew out of a Cyber Threat Preparedness Summit in December 2013, which HITRUST and HHS conducted.