A new service has been launched to help healthcare providers gain the upper hand on cyber attacks.
HITRUST, in collaboration with the Department of Health and Human Services, will conduct monthly cyber threat briefings and alerts for the healthcare industry. The briefings are slated to kick off in April and will be held online.
In addition, due to a surge in the number of security attacks in healthcare – and the hefty price tag that accompanies them – HITRUST has created a cyber threat alerting system to notify groups when they identify a high probability and impact cyber threat targeted at the industry. The alerting system, C3 Alert, is being coordinated with the Healthcare and Public Health Sector and Government Coordinating Councils.
The C3 Alerts, free of charge, will be issued anytime HITRUST C3 identifies a present and immediate cyber threat relevant to a large number of healthcare organizations, medical devices or systems.
Healthcare systems of all kinds are ready to take advantage of the briefings and alert system, including Children's Medical Center of Dallas and Wellpoint.
"Having access to alerts, threat intelligence and lessons learned that are relevant to our organization is important, as it helps ensure that we will maximize our efforts in addressing cyber threats," said Aaron Miri, chief technology officer at Children's Medical center of Dallas, in a March 13 press statement. "Information protection is a priority for our organization, but we need to be as efficient as possible in doing so."
"Even with our size and level of our information security program's maturity, I recognize that participating in a functional information sharing and analysis organization, like HITRUST C3, is key to ensuring we have access to the latest and most accurate threat intelligence," said Roy Mellinger, vice president and chief information security officer for WellPoint, in a press statement.
According to a 2013 Ponemon Institute/HP study, cyber attacks cost healthcare organizations on average $5.44 million annually, up nearly $100,000 from 2011. And they're far from just some hypothetical event for which an organization should prepare. They are a reoccurring reality nowadays. Organizations were reported to have experienced an average of 122 successful attacks per week, with a total resolve time totaling 32 days.
An analysis of HITRUST security assessments performed over the last year shows progress being made in every information security control area across various segments and organizational sizes, officials said, although the most progress with regard to cyber security appears to be in larger organizations with annual revenues over $6 billion.
"Collaboration is crucial to reducing cyber threats for the entire healthcare industry, including the government," said Kevin Charest, the HHS' chief information security officer, in a press statement. "These briefings and alerts allow us to better disseminate valuable and critical information to healthcare organizations more effectively so they can better prepare and respond to cyber threats and events."
(This story first appeared in Healthcare IT News)
