Healthcare Cybersecurity Drills Slated

2 Mock Cyber-Attack Exercises Planned
Healthcare Cybersecurity Drills Slated

The healthcare industry plans to test its cybersecurity preparedness and attack response coordination through two mock cyber-attack exercises this year.

See Also: Research Survey Results Report: Evaluating Managed Security Provider Offerings in 2023

The exercises, dubbed CyberRX, will involve the U.S. Department of Health and Human Services and several large companies in various healthcare sectors. The Health Information Trust Alliance will coordinate the drills.

HITRUST is best known for establishing the Common Security Framework, which can be used by any organization that creates, accesses, stores or exchanges personal health and financial information.

The first simulated cyber-attack is slated for a two-day period in March. Twelve organizations, including those in the pharmaceutical, insurance and provider sectors, are expected to participate, according to HITRUST. In addition to HHS, participants revealed so far include Children's Medical Center Dallas, CVS Caremark, Express Scripts, Health Care Service Corp, Highmark, Humana, UnitedHealth Group and WellPoint.

HITRUST is recruiting participants for the second CyberRX exercise, which is slated for the summer.

Details on the Drills

The exercises will simulate both broad and segment-specific attack scenarios "targeting information systems, medical devices and other essential technology resources of the healthcare industry," HITRUST reports. "CyberRX findings will be analyzed and used to identify areas for improvement in the coordination of the HITRUST Cyber Threat Intelligence and Incident Coordination Center; with security and incident response programs; and in information sharing between healthcare organizations, HITRUST and government agencies."

The coordination center provides cyberthreat warning and threat intelligence services to help healthcare organizations prioritize their cybersecurity efforts and raise security awareness by informing them of general and sector-specific threats.

The findings of the first drill will be summarized in a report distributed to the industry and presented at the HITRUST 2014 Conference in April.

"Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyber-attacks," says Kevin Charest, chief information security officer at HHS.

Other Goals

Other objectives of the exercise include:

  • Developing a better understanding of the healthcare industry's cyberthreat response readiness;
  • Testing the coordination with HHS relating to cyberthreats and the healthcare industry response;
  • Documenting threat and attack scenarios of value for future exercises involving additional healthcare industry organizations and in support of industry preparedness.

CyberRX grew out of a Cyber Threat Preparedness Summit in December 2013, which HITRUST and HHS conducted.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.