The US healthcare industry is following on the footsteps on the banking industry. The Health Information Trust Alliance, or HITRUST, has announced a cyber security exercise that will put the healthcare industry’s operations to the test.
The exercise, dubbed CyberRX, will help the organization determine how well they’re prepared to handle attacks from cyberspace.
Providers, prescription benefit managers, pharmaceutical manufacturers and pharmacies, and the US Department of Health and Human Services (DHHS) will take part. The attacks simulated as part of CyberRX will target information systems, medical devices and other crucial technology resources.
The results of the exercise will be included in a report that will be presented at HITRUST 2014 in April. Based on the outcome, areas where improvements can be made will be identified.
“We have been coordinating and collaborating with HITRUST to enhance the resources available to the healthcare industry,” said Kevin Charest, CISO at the DHHS.
“Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyber attacks. This exercise will generate valuable information we can use to improve our joint preparedness.”
HITRUST says there will actually be two CyberRX exercises. One will take place in March and one in the summer of 2014.
The first aims at determining the industry’s cyber threat response readiness. It also seeks to measure the effectiveness of the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3), test coordination with the DHHS, and document attack scenarios.
In the spring exercise, a total of 12 organizations will take part, including Health Care Service Corp, the Children’s Medical Center Dallas, Express Scripts, Humana, CVS Caremark, UnitedHealth Group, Highmark, and WellPoint.
“As cyber threats continue to increase and the number of attacks targeted at healthcare organizations rise, industry organizations are seeking useful and actionable information with guidance that augments their existing information security programs without duplication or complication,” noted Daniel Nutkis, CEO of HITRUST.
“CyberRX will undoubtedly provide invaluable information that can be used by organizations to refine their information protection programs and will enable HITRUST C3 to better serve the healthcare industry and support public and private industry partnerships.”