Welcome!

News Feed Item

Healthcare Organizations Plan “CyberRX”: First Industry-Wide Cyber Attack Exercise

HITRUST announced today that it will lead an industry-wide effort to conduct exercises to simulate cyber attacks on healthcare organizations, named CyberRX. The results will be used to evaluate the industry’s response and threat preparedness against attacks and attempts to disrupt U.S. healthcare industry operations. These exercises will be conducted in partnership with the U.S. Department of Health and Human Services (DHHS) and major healthcare industry companies.

CyberRX will include the participation of providers, health plans, prescription benefit managers, pharmacies and pharmaceutical manufacturers, and DHHS. The exercises will examine both broad and segment-specific scenarios targeting information systems, medical devices and other essential technology resources of the healthcare industry. CyberRX findings will be analyzed and used to identify areas for improvement in the coordination of the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3); with security and incident response programs; and in information sharing between healthcare organizations, HITRUST and government agencies. These findings will be summarized into a report distributed to the industry and presented at HITRUST 2014 in April 2014.

“We have been coordinating and collaborating with HITRUST to enhance the resources available to the healthcare industry,” said Kevin Charest, chief information security officer, U.S. Department of Health and Human Services. “Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyber attacks. This exercise will generate valuable information we can use to improve our joint preparedness.”

Recognizing the growing threats posed by cyber attacks targeted at healthcare organizations, HITRUST established a fully functional cyber threat intelligence and response program to enable the U.S. healthcare industry to protect itself from disruption by these attacks. The HITRUST C3 is the single best source of intelligence on threats targeted at healthcare organizations and medical devices, providing actionable information for strategic planning and tactical preparedness, and coordinated response for both large and small organizations. The HITRUST C3 facilitates critical intelligence sharing between the healthcare industry, the U.S. Department of Homeland Security, and the U.S. Department of Health and Human Services.

HITRUST will coordinate two CyberRX exercises. The initial exercise will take place over a two-day period in Spring 2014, and the second one will take place in Summer 2014.

In addition to aiding organizations in evaluating their own processes, the March exercise will focus on the following objectives:

  • Developing a better understanding of the healthcare industry’s cyber threat response readiness
  • Measuring the effectiveness of the HITRUST C3 in supporting the healthcare industry and opportunities for improvement
  • Testing the coordination with the U.S. Department of Health and Human Services relating to cyber threats and the healthcare industry response
  • Documenting threat and attack scenarios of value for future exercises engaging additional healthcare industry organizations and in support of industry preparedness

“I feel strongly that these exercises are needed as a crucial step in the healthcare industry’s continued maturity around cyber threat preparedness and response,” said Roy Mellinger, vice president and chief information security officer, WellPoint, Inc. “It will allow organizations to evaluate and improve their processes and identify gaps in what is needed industry-wide and from government.”

HITRUST and the U.S. Department of Health and Human Services held a Health Industry Cyber Threat Preparedness Summit in December 2013 to discuss numerous topics around the healthcare industry’s cyber threat preparedness and coordination and response. One of the recommendations was to evaluate the industry’s preparedness and HITRUST C3 effectiveness through an industry-wide cyber attack and response exercise. The Spring 2014 CyberRX exercise will include 12 organizations. The group is predominantly comprised of Summit participating organizations, such as Children's Medical Center Dallas, CVS Caremark, Express Scripts, Health Care Service Corp, Highmark, Humana, UnitedHealth Group, and WellPoint. HITRUST is currently soliciting participation for the Summer 2014 CyberRX exercise.

“As cyber threats continue to increase and the number of attacks targeted at healthcare organizations rise, industry organizations are seeking useful and actionable information with guidance that augments their existing information security programs without duplication or complication,” said Daniel Nutkis, chief executive officer, HITRUST. “CyberRX will undoubtedly provide invaluable information that can be used by organizations to refine their information protection programs and will enable HITRUST C3 to better serve the healthcare industry and support public and private industry partnerships.”

Healthcare organizations interested in participating in the Summer 2014 CyberRX exercise can register to receive additional information or to learn more about the HITRUST C3 by visiting www.hitrustalliance.net/c3/.

About HITRUST

The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the CSF, a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit www.HITRUSTalliance.net.

All product and company names herein may be trademarks of their respective owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management solutions, helping companies worldwide activate their data to drive more value and business insight and to transform moder...
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?
SYS-CON Events announced today the Kubernetes and Google Container Engine Workshop, being held November 3, 2016, in conjunction with @DevOpsSummit at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA. This workshop led by Sebastian Scheele introduces participants to Kubernetes and Google Container Engine (GKE). Through a combination of instructor-led presentations, demonstrations, and hands-on labs, students learn the key concepts and practices for deploying and maintainin...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Big Data at Cloud Expo - to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is...
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
Digital innovation is the next big wave of business transformation based on digital technologies of which IoT and Big Data are key components, For example: Business boundary innovation is a challenge to excavate third-party business value using IoT and BigData, like Nest Business structure innovation may propose re-building business structure from scratch, as Uber does in the taxicab industry The social model innovation is also a big challenge to the new social architecture with the design fr...
Data is an unusual currency; it is not restricted by the same transactional limitations as money or people. In fact, the more that you leverage your data across multiple business use cases, the more valuable it becomes to the organization. And the same can be said about the organization’s analytics. In his session at 19th Cloud Expo, Bill Schmarzo, CTO for the Big Data Practice at EMC, will introduce a methodology for capturing, enriching and sharing data (and analytics) across the organizati...
IoT is fundamentally transforming the auto industry, turning the vehicle into a hub for connected services, including safety, infotainment and usage-based insurance. Auto manufacturers – and businesses across all verticals – have built an entire ecosystem around the Connected Car, creating new customer touch points and revenue streams. In his session at @ThingsExpo, Macario Namie, Head of IoT Strategy at Cisco Jasper, will share real-world examples of how IoT transforms the car from a static p...
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the protocols that communicate data and the emerging data analy...