Welcome!

News Feed Item

Healthcare Organizations Plan “CyberRX”: First Industry-Wide Cyber Attack Exercise

HITRUST announced today that it will lead an industry-wide effort to conduct exercises to simulate cyber attacks on healthcare organizations, named CyberRX. The results will be used to evaluate the industry’s response and threat preparedness against attacks and attempts to disrupt U.S. healthcare industry operations. These exercises will be conducted in partnership with the U.S. Department of Health and Human Services (DHHS) and major healthcare industry companies.

CyberRX will include the participation of providers, health plans, prescription benefit managers, pharmacies and pharmaceutical manufacturers, and DHHS. The exercises will examine both broad and segment-specific scenarios targeting information systems, medical devices and other essential technology resources of the healthcare industry. CyberRX findings will be analyzed and used to identify areas for improvement in the coordination of the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3); with security and incident response programs; and in information sharing between healthcare organizations, HITRUST and government agencies. These findings will be summarized into a report distributed to the industry and presented at HITRUST 2014 in April 2014.

“We have been coordinating and collaborating with HITRUST to enhance the resources available to the healthcare industry,” said Kevin Charest, chief information security officer, U.S. Department of Health and Human Services. “Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyber attacks. This exercise will generate valuable information we can use to improve our joint preparedness.”

Recognizing the growing threats posed by cyber attacks targeted at healthcare organizations, HITRUST established a fully functional cyber threat intelligence and response program to enable the U.S. healthcare industry to protect itself from disruption by these attacks. The HITRUST C3 is the single best source of intelligence on threats targeted at healthcare organizations and medical devices, providing actionable information for strategic planning and tactical preparedness, and coordinated response for both large and small organizations. The HITRUST C3 facilitates critical intelligence sharing between the healthcare industry, the U.S. Department of Homeland Security, and the U.S. Department of Health and Human Services.

HITRUST will coordinate two CyberRX exercises. The initial exercise will take place over a two-day period in Spring 2014, and the second one will take place in Summer 2014.

In addition to aiding organizations in evaluating their own processes, the March exercise will focus on the following objectives:

  • Developing a better understanding of the healthcare industry’s cyber threat response readiness
  • Measuring the effectiveness of the HITRUST C3 in supporting the healthcare industry and opportunities for improvement
  • Testing the coordination with the U.S. Department of Health and Human Services relating to cyber threats and the healthcare industry response
  • Documenting threat and attack scenarios of value for future exercises engaging additional healthcare industry organizations and in support of industry preparedness

“I feel strongly that these exercises are needed as a crucial step in the healthcare industry’s continued maturity around cyber threat preparedness and response,” said Roy Mellinger, vice president and chief information security officer, WellPoint, Inc. “It will allow organizations to evaluate and improve their processes and identify gaps in what is needed industry-wide and from government.”

HITRUST and the U.S. Department of Health and Human Services held a Health Industry Cyber Threat Preparedness Summit in December 2013 to discuss numerous topics around the healthcare industry’s cyber threat preparedness and coordination and response. One of the recommendations was to evaluate the industry’s preparedness and HITRUST C3 effectiveness through an industry-wide cyber attack and response exercise. The Spring 2014 CyberRX exercise will include 12 organizations. The group is predominantly comprised of Summit participating organizations, such as Children's Medical Center Dallas, CVS Caremark, Express Scripts, Health Care Service Corp, Highmark, Humana, UnitedHealth Group, and WellPoint. HITRUST is currently soliciting participation for the Summer 2014 CyberRX exercise.

“As cyber threats continue to increase and the number of attacks targeted at healthcare organizations rise, industry organizations are seeking useful and actionable information with guidance that augments their existing information security programs without duplication or complication,” said Daniel Nutkis, chief executive officer, HITRUST. “CyberRX will undoubtedly provide invaluable information that can be used by organizations to refine their information protection programs and will enable HITRUST C3 to better serve the healthcare industry and support public and private industry partnerships.”

Healthcare organizations interested in participating in the Summer 2014 CyberRX exercise can register to receive additional information or to learn more about the HITRUST C3 by visiting www.hitrustalliance.net/c3/.

About HITRUST

The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the CSF, a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit www.HITRUSTalliance.net.

All product and company names herein may be trademarks of their respective owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"We are an all-flash array storage provider but our focus has been on VM-aware storage specifically for virtualized applications," stated Dhiraj Sehgal of Tintri in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
It's easy to assume that your app will run on a fast and reliable network. The reality for your app's users, though, is often a slow, unreliable network with spotty coverage. What happens when the network doesn't work, or when the device is in airplane mode? You get unhappy, frustrated users. An offline-first app is an app that works, without error, when there is no network connection. In his session at 18th Cloud Expo, Bradley Holt, a Developer Advocate with IBM Cloud Data Services, discussed...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at 20th Cloud Expo, Ed Featherston, director/senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Between 2005 and 2020, data volumes will grow by a factor of 300 – enough data to stack CDs from the earth to the moon 162 times. This has come to be known as the ‘big data’ phenomenon. Unfortunately, traditional approaches to handling, storing and analyzing data aren’t adequate at this scale: they’re too costly, slow and physically cumbersome to keep up. Fortunately, in response a new breed of technology has emerged that is cheaper, faster and more scalable. Yet, in meeting these new needs they...
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busin...
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.
"We are the public cloud providers. We are currently providing 50% of the resources they need for doing e-commerce business in China and we are hosting about 60% of mobile gaming in China," explained Yi Zheng, CPO and VP of Engineering at CDS Global Cloud, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
"Once customers get a year into their IoT deployments, they start to realize that they may have been shortsighted in the ways they built out their deployment and the key thing I see a lot of people looking at is - how can I take equipment data, pull it back in an IoT solution and show it in a dashboard," stated Dave McCarthy, Director of Products at Bsquare Corporation, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
@DevOpsSummit taking place June 6-8, 2017 at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @DevOpsSummit at Cloud Expo New York Call for Papers is now open.
Predictive analytics tools monitor, report, and troubleshoot in order to make proactive decisions about the health, performance, and utilization of storage. Most enterprises combine cloud and on-premise storage, resulting in blended environments of physical, virtual, cloud, and other platforms, which justifies more sophisticated storage analytics. In his session at 18th Cloud Expo, Peter McCallum, Vice President of Datacenter Solutions at FalconStor, discussed using predictive analytics to mon...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...