HITRUST effort may help providers identify security threats more quickly

Faster response crucial in helping organizations intercept new cyber attacks, Daniel Nutkus says.


Nearly 90 percent of new cyber threats found by healthcare organizations during the past month were previously unknown in the industry.

The organizations that collected the threat data are working with HITRUST, a consortium of stakeholders that are collaborating to better secure protected health information. These organizations collect and submit to HITRUST “indicators of compromise” (IOC) that they have discovered to help identify what the next threats are.

As these IOC collection rounds continue, HITRUST and participants are improving their performance. In HITRUST’s latest 30-day round of collecting IOCs, participants reported on average 1.2 days quicker, compared with other threat collection sources, according to the organization. Further, these indicators were submitted to HITRUST within minutes of detection, compared with an average of seven weeks previously.

HITRUST has been working for some time to develop a trusted and consistent survey of threats, and its program now is mature, says Daniel Nutkis, CEO of the organization. For example, 95 percent of collected indicators of compromise were useful and actionable this month, compared with about 50 percent previously.

That’s because the IOCs have metadata such as malicious IPs, URLs or domains that gave intelligence enabling preventive or defensive actions to be taken. Further, 100 percent of participating organizations contributed IOCs in the most recent round, compared with 5 percent previously. Initially, most organizations collected threat data but were reluctant to share it, the organization said.

For now, the collection of IOCs is in a pilot stage, and HITRUST has developed ways for smaller organizations to easily submit data and get intelligence relevant to their environment.

“Given the recent rise in ransomware and other malware targeted at the healthcare industry, these pilot developments are extremely significant as they ensure the collection and consumption of more relevant and timely IOCs that can be used by a much larger percentage of the healthcare industry and ultimately bolster the overall cyber posture of this segment of the nation’s critical infrastructure,” the organization said in a statement.

Now, HITRUST is expanding the IOC collection program to include any organization that’s able to meet participation criteria. Some 30 organizations—15 health systems and 15 insurers—will participate in an enhanced collection program that includes using IOC discovery technology from security firm Trend Micro.

Howard Burde, a privacy and security attorney at Howard Burde Health Law in Ardmore, Pa., says the HITRUST program “adds important new tools to the prevention of or response to cyber threats in healthcare. Recent ransomware attacks make increased and constantly evolving tools for prevention and response essential for ongoing healthcare operations. Hopefully, the lessons from the IOC collection pilot will help the healthcare industry stay one step ahead of the current threats, and the ongoing HITRUST program will continue to do so prospectively.”

More for you

Loading data for hdm_tax_topic #care-team-experience...