Welcome!

News Feed Item

Healthcare Organizations Plan “CyberRX”: First Industry-Wide Cyber Attack Exercise

HITRUST announced today that it will lead an industry-wide effort to conduct exercises to simulate cyber attacks on healthcare organizations, named CyberRX. The results will be used to evaluate the industry’s response and threat preparedness against attacks and attempts to disrupt U.S. healthcare industry operations. These exercises will be conducted in partnership with the U.S. Department of Health and Human Services (DHHS) and major healthcare industry companies.

CyberRX will include the participation of providers, health plans, prescription benefit managers, pharmacies and pharmaceutical manufacturers, and DHHS. The exercises will examine both broad and segment-specific scenarios targeting information systems, medical devices and other essential technology resources of the healthcare industry. CyberRX findings will be analyzed and used to identify areas for improvement in the coordination of the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3); with security and incident response programs; and in information sharing between healthcare organizations, HITRUST and government agencies. These findings will be summarized into a report distributed to the industry and presented at HITRUST 2014 in April 2014.

“We have been coordinating and collaborating with HITRUST to enhance the resources available to the healthcare industry,” said Kevin Charest, chief information security officer, U.S. Department of Health and Human Services. “Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyber attacks. This exercise will generate valuable information we can use to improve our joint preparedness.”

Recognizing the growing threats posed by cyber attacks targeted at healthcare organizations, HITRUST established a fully functional cyber threat intelligence and response program to enable the U.S. healthcare industry to protect itself from disruption by these attacks. The HITRUST C3 is the single best source of intelligence on threats targeted at healthcare organizations and medical devices, providing actionable information for strategic planning and tactical preparedness, and coordinated response for both large and small organizations. The HITRUST C3 facilitates critical intelligence sharing between the healthcare industry, the U.S. Department of Homeland Security, and the U.S. Department of Health and Human Services.

HITRUST will coordinate two CyberRX exercises. The initial exercise will take place over a two-day period in Spring 2014, and the second one will take place in Summer 2014.

In addition to aiding organizations in evaluating their own processes, the March exercise will focus on the following objectives:

  • Developing a better understanding of the healthcare industry’s cyber threat response readiness
  • Measuring the effectiveness of the HITRUST C3 in supporting the healthcare industry and opportunities for improvement
  • Testing the coordination with the U.S. Department of Health and Human Services relating to cyber threats and the healthcare industry response
  • Documenting threat and attack scenarios of value for future exercises engaging additional healthcare industry organizations and in support of industry preparedness

“I feel strongly that these exercises are needed as a crucial step in the healthcare industry’s continued maturity around cyber threat preparedness and response,” said Roy Mellinger, vice president and chief information security officer, WellPoint, Inc. “It will allow organizations to evaluate and improve their processes and identify gaps in what is needed industry-wide and from government.”

HITRUST and the U.S. Department of Health and Human Services held a Health Industry Cyber Threat Preparedness Summit in December 2013 to discuss numerous topics around the healthcare industry’s cyber threat preparedness and coordination and response. One of the recommendations was to evaluate the industry’s preparedness and HITRUST C3 effectiveness through an industry-wide cyber attack and response exercise. The Spring 2014 CyberRX exercise will include 12 organizations. The group is predominantly comprised of Summit participating organizations, such as Children's Medical Center Dallas, CVS Caremark, Express Scripts, Health Care Service Corp, Highmark, Humana, UnitedHealth Group, and WellPoint. HITRUST is currently soliciting participation for the Summer 2014 CyberRX exercise.

“As cyber threats continue to increase and the number of attacks targeted at healthcare organizations rise, industry organizations are seeking useful and actionable information with guidance that augments their existing information security programs without duplication or complication,” said Daniel Nutkis, chief executive officer, HITRUST. “CyberRX will undoubtedly provide invaluable information that can be used by organizations to refine their information protection programs and will enable HITRUST C3 to better serve the healthcare industry and support public and private industry partnerships.”

Healthcare organizations interested in participating in the Summer 2014 CyberRX exercise can register to receive additional information or to learn more about the HITRUST C3 by visiting www.hitrustalliance.net/c3/.

About HITRUST

The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the CSF, a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit www.HITRUSTalliance.net.

All product and company names herein may be trademarks of their respective owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
Sanjeev Sharma Joins November 11-13, 2018 @DevOpsSummit at @CloudEXPO New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
DXWorldEXPO LLC announced today that Kevin Jackson joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Kevin L. Jackson is a globally recognized cloud computing expert and Founder/Author of the award winning "Cloud Musings" blog. Mr. Jackson has also been recognized as a "Top 100 Cybersecurity Influencer and Brand" by Onalytica (2015), a Huffington Post "Top 100 Cloud Computing Experts on Twitter" (2013) and a "Top 50 C...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. The IoT Global Network is a platform where you can connect with industry experts and network across the IoT community to build the successful IoT business of the future.
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Evan Kirstel is an internationally recognized thought leader and social media influencer in IoT (#1 in 2017), Cloud, Data Security (2016), Health Tech (#9 in 2017), Digital Health (#6 in 2016), B2B Marketing (#5 in 2015), AI, Smart Home, Digital (2017), IIoT (#1 in 2017) and Telecom/Wireless/5G. His connections are a "Who's Who" in these technologies, He is in the top 10 most mentioned/re-tweeted by CMOs and CIOs (2016) and have been recently named 5th most influential B2B marketeer in the US. H...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Enterprises are universally struggling to understand where the new tools and methodologies of DevOps fit into their organizations, and are universally making the same mistakes. These mistakes are not unavoidable, and in fact, avoiding them gifts an organization with sustained competitive advantage, just like it did for Japanese Manufacturing Post WWII.
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.