New Early Warning System for Health Cyber Threats
HITRUST, a healthcare industry stakeholder coalition working to improve cybersecurity, has launched its third major service during 2014.
HITRUST, a healthcare industry stakeholder coalition working to improve cybersecurity, has launched its third major service during 2014.
In March, the organization started offering free monthly healthcare cyber threat briefings in partnership with the Department of Health and Human Services. Last spring, it also pilot tested a cyber attack simulation exercise in which a third party launches real but harmless attacks on participating organizations information networks to assess how well they recognize and respond to the attack. That program is accelerating this month as about 750 healthcare organizations are participating and being attacked, with three levels of sophistication depending on each participants security readiness.
Now, HITRUST has built and is pilot testing the Cyber Threat XChange (CTX), an automated service to provide early detection and faster analysis of cyber threats that participating organizations collect and submit to CTX.
Initial pilot participants include Express Scripts, Health Care Services Corp., Highmark Health, Humana, Seattle Childrens Medical Center, UnitedHealth Group, University of Rochester Medical Center, WellPoint and secure cloud hosting vendor FireHost. HITRUST expects CTX to go live in January 2015.
CTX also will analyze the threat indicators it collects against other threat sources across multiple industries and against the United States Computer Emergency Readiness Team, called US-CERT and in the Department of Homeland Security. US-CERT coordinates cyber information sharing and managing of risk.
Although the methods used by threat actors may be similar across industries, understanding the motives and targets affords valuable insights currently not available and critical for early response and alerting specific for the entire healthcare industry, according to a HITRUST explanation of the need for CTX. Consequently, CTX will enable healthcare organizations to sift through tens of thousands of cyber threats to identify which threats they should be worried about now.
In March, the organization started offering free monthly healthcare cyber threat briefings in partnership with the Department of Health and Human Services. Last spring, it also pilot tested a cyber attack simulation exercise in which a third party launches real but harmless attacks on participating organizations information networks to assess how well they recognize and respond to the attack. That program is accelerating this month as about 750 healthcare organizations are participating and being attacked, with three levels of sophistication depending on each participants security readiness.
Now, HITRUST has built and is pilot testing the Cyber Threat XChange (CTX), an automated service to provide early detection and faster analysis of cyber threats that participating organizations collect and submit to CTX.
Initial pilot participants include Express Scripts, Health Care Services Corp., Highmark Health, Humana, Seattle Childrens Medical Center, UnitedHealth Group, University of Rochester Medical Center, WellPoint and secure cloud hosting vendor FireHost. HITRUST expects CTX to go live in January 2015.
CTX also will analyze the threat indicators it collects against other threat sources across multiple industries and against the United States Computer Emergency Readiness Team, called US-CERT and in the Department of Homeland Security. US-CERT coordinates cyber information sharing and managing of risk.
Although the methods used by threat actors may be similar across industries, understanding the motives and targets affords valuable insights currently not available and critical for early response and alerting specific for the entire healthcare industry, according to a HITRUST explanation of the need for CTX. Consequently, CTX will enable healthcare organizations to sift through tens of thousands of cyber threats to identify which threats they should be worried about now.