A newly formed entity, the HITRUST Cybersecurity Incident Response and Coordination Center, will provide support to the healthcare industry through early identification of cybersecurity attacks, coordination of response activities and creation of best practices.
Leaders of the Health Information Trust Alliance (HITRUST) announced the launch of the new center this week. Officials said the center will also make available cyber threat information to the broader industry.
According to HITRUST, the center will focus on cybersecurity threats and events targeted at healthcare organizations in areas including networks, mobile devices, workstations, servers and medical devices. That sharing of information is crucial for organizations’ preparedness, protection and crisis management, HITRUST leaders noted.
“Cyber attacks are an increasing concern for every organization and Wellpoint recognizes an important component of our strategy is to collaborate with industry and government to most effectively address this issue,” said Roy Mellinger, vice president and chief information security officer at Wellpoint.
The center is working initially with 14 leading industry organizations, representing health plans and health systems, and the U.S. Department of Health & Human Services to share various incident information, according to HITRUST. The center will collaborate with HITRUST and others to identify and remediate incidents, and will also obtain and synthesize cyber threat and response information from numerous other sources to make the information more readily available to center participants. HITRUST will lead the center’s participants in evaluating appropriate tools and related security mechanisms to support the center’s efforts.
Daniel Nutkis, CEO of HITRUST, said the commitment of the founding organizations to provide their time, experiences and resources in support of the broader industry is what will make it a success.
“The support of these organizations combined with the experience HITRUST has in developing and communicating information security concepts to organizations in various segments -- of varying sizes and with varying levels of technical knowledge -- will be crucial in ensuring we arm the industry to respond more timely and aggressively to future cyber attacks,” Nutkis added.
HITRUST’s experience during the past five years in supporting the healthcare industry’s efforts for information protection has revealed that the wide variety of types, sizes and competencies of organizations are not well suited to a “one-size-fits-all” approach. Therefore, the center’s initial focus will be on early threat detection, alerting, remediation and notification to organizations capable of consuming more technical alerting information, HITRUST leaders said.
The center will also work with industry, service and solution providers to identify and implement a method to provide meaningful information to all types of organizations and technical competency levels within the entire industry. Once the method has been implemented, the center will transition to a formal Information Sharing and Analysis Center.
“As the healthcare industry continues its conversion process to full patient electronic medical records, it will most certainly become a more frequent target of cybersecurity attacks, and having such a system in place in the near future will be key to collaboratively responding and preventing such attacks,” said Jorge DeCesare, chief data security administrator, Dignity Health.
Follow Diana Manos on Twitter @DManos_IT_News.