April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
HITRUST to launch first comprehensive study of targeted cyber threats impacting healthcare industry
Frisco, TX, April 6 – HITRUST has announced that it is undertaking a study called HITRUST Cyber Discovery to analyze the methods, severity and pervasiveness of cyber threats targeting a variety of healthcare organizations. The study will enable a better understanding of the actual magnitude, complexity, relations of cyber-attacks, commonalities of target organizations and data, and degree of cyber threats persisting within organizations. The goal is to accurately identify attack patterns and persistence, as well as the magnitude and sophistication of specific threats across enterprises.
There are no shortage of surveys indicating that the healthcare industry is a large target of cyber attacks, with some suggesting that healthcare has led all industries with 42.5 percent of overall breaches identified in 2014, a continuation of a three-year trend1. Unfortunately, most of this information is survey-based and lacks details necessary to better understand the scale, target, method and sophistication of the cyber threats and attacks – creating much speculation as to the extent of the impact on healthcare organizations.
“The level of speculation around attacks, targets and persistent threats has reached an all-time high,” said Daniel Nutkis, chief executive officer, HITRUST. “To combat this growing concern, we need more facts to better dissect threats and develop a corresponding strategy to address them. This research will provide valuable data to those charged with keeping healthcare information secure.”
The HITRUST Cyber Discovery Study will serve as an industry benchmark in the fight against cyber attacks, including data collection, analysis and reporting. Approximately 210 health plans and provider organizations will be recruited to participate in the study.
Cyber attacks have the potential to impact privacy, disrupt facility operations and/or cause direct harm to patients. Healthcare organizations can create, store and exchange large amounts of patient and member data, including personal health information, personal identifiable information, financial information such as credit card numbers, enrollment forms, lab reports and clinical research. Due to the sensitivity of this information, the industry is a high value target of threat actors ranging from nation states to hactivists.
“As an industry, we are all in the crosshairs and need vision and leadership to coordinate a unified front to defend against cyber threats,” said Raymond Biondo, divisional senior vice president, Health Care Services Corp. “This comprehensive study will give us unique insights into the actual level, targeting, degree and persistence of cyber-attacks to better focus our efforts as an industry.”
To support the collection of the highly sophisticated cyber information, HITRUST will provide participants with software, hardware and expertise to detect, analyze and monitor networks free of charge for the study’s duration, which is expected to be approximately 90 days. HITRUST has selected Trend Micro to provide the support services and tools leveraging its Trend Micro Deep Discovery technology. Trend Micro was selected based on its strength in delivering leading-edge security products and award-winning threat discovery technology, including being named a Gartner Magic Quadrant leader in endpoint protection over a 13-year span, their top rank by NSS Labs for its Deep Discovery platform, and their collaboration with Interpol and other global law enforcement agencies to combat cybercrime.
“Cyber security challenges in the healthcare industry are far broader, with more serious implications, than those faced by typical US enterprises,” said Tom Kellermann, chief cybersecurity officer, Trend Micro. “With high-value data, multiple access points and difficulties managing security updates, criminals consider healthcare an easy, and lucrative, target. We applaud HITRUST for driving this initiative, and are pleased to help identify and eradicate targeted attacks as much as possible.”
Participants will benefit from having access to highly sophisticated collection and analysis tools and resources to provide detailed information regarding cyber events and threats within their environment free of charge. In return they will be required to provide anonymized data regularly to HITRUST for analytical purposes. An initial report of findings and recommendations will be published approximately four months from the launch of the study.
HITRUST is recognized as the driving force enabling public-private collaboration to reduce cyber risks in the healthcare industry. The HITRUST Cyber Discovery Study is one of a number of programs that HITRUST has delivered to industry to help prepare, assess, coordinate and respond to cyber threats.
Founded in 2007, the Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST - in collaboration with public and private healthcare technology, privacy and information security leaders - has championed programs instrumental in safeguarding health information systems and exchanges while ensuring consumer confidence in their use.