News Feed Item
Healthcare Organizations Plan “CyberRX”: First Industry-Wide Cyber Attack Exercise
|By Business Wire
|January 13, 2014 09:03 AM EST
HITRUST announced today that it will lead an industry-wide effort to
conduct exercises to simulate cyber attacks on healthcare organizations,
named CyberRX. The results will be used to evaluate the industry’s
response and threat preparedness against attacks and attempts to disrupt
U.S. healthcare industry operations. These exercises will be conducted
in partnership with the U.S. Department of Health and Human Services
(DHHS) and major healthcare industry companies.
CyberRX will include the participation of providers, health plans,
prescription benefit managers, pharmacies and pharmaceutical
manufacturers, and DHHS. The exercises will examine both broad and
segment-specific scenarios targeting information systems, medical
devices and other essential technology resources of the healthcare
industry. CyberRX findings will be analyzed and used to identify areas
for improvement in the coordination of the HITRUST Cyber Threat
Intelligence and Incident Coordination Center (C3); with
security and incident response programs; and in information sharing
between healthcare organizations, HITRUST and government agencies. These
findings will be summarized into a report distributed to the industry
and presented at HITRUST 2014 in April 2014.
“We have been coordinating and collaborating with HITRUST to enhance the
resources available to the healthcare industry,” said Kevin Charest,
chief information security officer, U.S. Department of Health and Human
Services. “Our goal for the exercises is to identify additional ways
that we can help the industry be better prepared for and better able to
respond to cyber attacks. This exercise will generate valuable
information we can use to improve our joint preparedness.”
Recognizing the growing threats posed by cyber attacks targeted at
healthcare organizations, HITRUST established a fully functional cyber
threat intelligence and response program to enable the U.S. healthcare
industry to protect itself from disruption by these attacks. The HITRUST
C3 is the single best source of intelligence on threats
targeted at healthcare organizations and medical devices, providing
actionable information for strategic planning and tactical preparedness,
and coordinated response for both large and small organizations. The
HITRUST C3 facilitates critical intelligence sharing between
the healthcare industry, the U.S. Department of Homeland Security, and
the U.S. Department of Health and Human Services.
HITRUST will coordinate two CyberRX exercises. The initial exercise will
take place over a two-day period in Spring 2014, and the second one will
take place in Summer 2014.
In addition to aiding organizations in evaluating their own processes,
the March exercise will focus on the following objectives:
Developing a better understanding of the healthcare industry’s cyber
threat response readiness
Measuring the effectiveness of the HITRUST C3 in supporting
the healthcare industry and opportunities for improvement
Testing the coordination with the U.S. Department of Health and Human
Services relating to cyber threats and the healthcare industry response
Documenting threat and attack scenarios of value for future exercises
engaging additional healthcare industry organizations and in support
of industry preparedness
“I feel strongly that these exercises are needed as a crucial step in
the healthcare industry’s continued maturity around cyber threat
preparedness and response,” said Roy Mellinger, vice president and chief
information security officer, WellPoint, Inc. “It will allow
organizations to evaluate and improve their processes and identify gaps
in what is needed industry-wide and from government.”
HITRUST and the U.S. Department of Health and Human Services held a
Health Industry Cyber Threat Preparedness Summit in December 2013 to
discuss numerous topics around the healthcare industry’s cyber threat
preparedness and coordination and response. One of the recommendations
was to evaluate the industry’s preparedness and HITRUST C3 effectiveness
through an industry-wide cyber attack and response exercise. The Spring
2014 CyberRX exercise will include 12 organizations. The group is
predominantly comprised of Summit participating organizations, such as
Children's Medical Center Dallas, CVS Caremark, Express Scripts, Health
Care Service Corp, Highmark, Humana, UnitedHealth Group, and WellPoint.
HITRUST is currently soliciting participation for the Summer 2014
“As cyber threats continue to increase and the number of attacks
targeted at healthcare organizations rise, industry organizations are
seeking useful and actionable information with guidance that augments
their existing information security programs without duplication or
complication,” said Daniel Nutkis, chief executive officer, HITRUST.
“CyberRX will undoubtedly provide invaluable information that can be
used by organizations to refine their information protection programs
and will enable HITRUST C3 to better serve the healthcare
industry and support public and private industry partnerships.”
Healthcare organizations interested in participating in the Summer 2014
CyberRX exercise can register to receive additional information or to
learn more about the HITRUST C3 by visiting www.hitrustalliance.net/c3/.
The Health Information Trust Alliance (HITRUST) was born out of the
belief that information security should be a core pillar of, rather than
an obstacle to, the broad adoption of health information systems and
exchanges. HITRUST, in collaboration with healthcare, business,
technology and information security leaders, has established the CSF, a
certifiable framework that can be used by any and all organizations that
create, access, store or exchange personal health and financial
information. Beyond the establishment of the CSF, HITRUST is also
driving the adoption of and widespread confidence in the framework and
sound risk management practices through awareness, education, advocacy
and other outreach activities. For more information, visit www.HITRUSTalliance.net.
All product and company names herein may be trademarks of their
Security, data privacy, reliability, and regulatory compliance are critical factors when evaluating whether to move business applications from in-house, client-hosted environments to a cloud platform. Quality assurance plays a vital role in ensuring that the appropriate level of risk assessment, verification, and validation takes place to ensure business continuity during the migration to a new cloud platform.
Jul. 29, 2016 08:00 AM EDT Reads: 423
SYS-CON Events announced today the Kubernetes and Google Container Engine Workshop, being held November 3, 2016, in conjunction with @DevOpsSummit at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA.
This workshop led by Sebastian Scheele introduces participants to Kubernetes and Google Container Engine (GKE). Through a combination of instructor-led presentations, demonstrations, and hands-on labs, students learn the key concepts and practices for deploying and maintainin...
Jul. 29, 2016 07:45 AM EDT Reads: 948
StackIQ has announced the release of Stacki 3.2. Stacki is an easy-to-use Linux server provisioning tool. Stacki 3.2 delivers new capabilities that simplify the automation and integration of site-specific requirements. StackIQ is the commercial entity behind this open source bare metal provisioning tool.
Since the release of Stacki in June of 2015, the Stacki core team has been focused on making the Community Edition meet the needs of members of the community, adding features and value, while ...
Jul. 29, 2016 07:30 AM EDT Reads: 552
Aspose.Total for .NET is the most complete package of all file format APIs for .NET as offered by Aspose. It empowers developers to create, edit, render, print and convert between a wide range of popular document formats within any .NET, C#, ASP.NET and VB.NET applications.
Aspose compiles all .NET APIs on a daily basis to ensure that it contains the most up to date versions of each of Aspose .NET APIs. If a new .NET API or a new version of existing APIs is released during the subscription peri...
Jul. 29, 2016 07:30 AM EDT Reads: 993
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
Jul. 29, 2016 07:15 AM EDT Reads: 1,618
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
Jul. 29, 2016 06:45 AM EDT Reads: 2,355
"We host and fully manage cloud data services, whether we store, the data, move the data, or run analytics on the data," stated Kamal Shannak, Senior Development Manager, Cloud Data Services, IBM, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jul. 29, 2016 05:00 AM EDT Reads: 1,422
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations.
In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to imp...
Jul. 29, 2016 04:45 AM EDT Reads: 2,565
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open.
Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
Jul. 29, 2016 04:45 AM EDT Reads: 2,360
With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right ...
Jul. 29, 2016 04:30 AM EDT Reads: 1,406
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location.
With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
Jul. 29, 2016 04:15 AM EDT Reads: 2,676
With over 720 million Internet users and 40–50% CAGR, the Chinese Cloud Computing market has been booming. When talking about cloud computing, what are the Chinese users of cloud thinking about? What is the most powerful force that can push them to make the buying decision? How to tap into them?
In his session at 18th Cloud Expo, Yu Hao, CEO and co-founder of SpeedyCloud, answered these questions and discussed the results of SpeedyCloud’s survey.
Jul. 29, 2016 03:45 AM EDT Reads: 1,042
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform.
In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...
Jul. 29, 2016 02:45 AM EDT Reads: 1,600
SYS-CON Events announced today that MangoApps will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device.
Jul. 29, 2016 02:30 AM EDT Reads: 1,462
Large scale deployments present unique planning challenges, system commissioning hurdles between IT and OT and demand careful system hand-off orchestration.
In his session at @ThingsExpo, Jeff Smith, Senior Director and a founding member of Incenergy, will discuss some of the key tactics to ensure delivery success based on his experience of the last two years deploying Industrial IoT systems across four continents.
Jul. 29, 2016 02:00 AM EDT Reads: 1,683