Cyberattack alerts coming to healthcare
Attacks cost healthcare organizations $5.44 million annually, on average
If you're in charge of a healthcare organization's data privacy and security, listen up. You now have a new, valuable resource at your fingertips.
HITRUST, in collaboration with the Department of Health and Human Services, announced Thursday that it will conduct monthly cyber threat briefings and alerts for the healthcare industry. So, first, if there's a cybersecurity attack, you'll know about it; second, you'll get actionable data on recent, ongoing and prospective cyber threats and learn best-practices for combating them.
The briefings are slated to kick off in April and will be held online.
Due to a surge in the number of security attacks in healthcare -- and the hefty price tag that accompanies them -- HITRUST has also created a cyber threat alerting system to notify groups when they identify a high probability and impact cyber threats targeted at the industry. The alerting system, C3 Alert, is being coordinated with the Healthcare and Public Health Sector and Government Coordinating Councils.
[See also: Mock cyberattacks coming to healthcare.]
The C3 Alerts, free of charge, will be issued anytime HITRUST C3 identifies a present and immediate cyber-threat relevant to a large number of healthcare organizations, medical devices or systems.
Many industry officials are ready to take advantage of the briefings and alert system – Children's Medical Center of Dallas being one.
"Having access to alerts, threat intelligence and lessons learned that are relevant to our organization is important, as it helps ensure that we will maximize our efforts in addressing cyber threats," said Aaron Miri, chief technology officer, Children’s Medical Center of Dallas, in a March 13 press statement. "Information protection is a priority for our organization, but we need to be as efficient as possible in doing so."
And the resource isn't just for 595-bed hospitals either, officials point out. Even health giants are signing on.
[See also: 'Ethical hacker' calls BYOD a nightmare.]
"Even with our size and level of our information security program's maturity, I recognize that participating in a functional information sharing and analysis organization, like HITRUST C3, is key to ensuring we have access to the latest and most accurate threat intelligence," said Roy Mellinger, vice president and chief information security officer, WellPoint, in a press statement.
According to a 2013 Ponemon Institute/HP study, cyberattacks cost healthcare organizations on average $5.44 million annually, up nearly $100,000 from 2011.
And, as Ponemon officials point out, cyberattacks are far from just some hypothetical event for which an organization should prepare. They are a reoccurring reality nowadays. Organizations were reported to have experienced an average of 122 successful attacks per week, with a total resolve time totaling 32 days.
An analysis of HITRUST security assessments performed over the last year indicates progress has been achieved in every information security control area across various segments and organizational sizes, officials point out, although the most progress with regard to cyber security appears to be in larger organizations with annual revenues over $6 billion.
"Collaboration is crucial to reducing cyber threats for the entire healthcare industry, including the government," said Kevin Charest, chief information security officer, HHS, in a press statement. "These briefings and alerts allow us to better disseminate valuable and critical information to healthcare organizations more effectively so they can better prepare and respond to cyber threats and events."
If you're in charge of a healthcare organization's data privacy and security, listen up. You now have a new, valuable resource at your fingertips.
HITRUST, in collaboration with the Department of Health and Human Services, announced Thursday that it will conduct monthly cyber threat briefings and alerts for the healthcare industry. So, first, if there's a cybersecurity attack, you'll know about it; second, you'll get actionable data on recent, ongoing and prospective cyber threats and learn best-practices for combating them.
The briefings are slated to kick off in April and will be held online.
Due to a surge in the number of security attacks in healthcare -- and the hefty price tag that accompanies them -- HITRUST has also created a cyber threat alerting system to notify groups when they identify a high probability and impact cyber threats targeted at the industry. The alerting system, C3 Alert, is being coordinated with the Healthcare and Public Health Sector and Government Coordinating Councils.
[See also: Mock cyberattacks coming to healthcare.]
The C3 Alerts, free of charge, will be issued anytime HITRUST C3 identifies a present and immediate cyber-threat relevant to a large number of healthcare organizations, medical devices or systems.
Many industry officials are ready to take advantage of the briefings and alert system – Children's Medical Center of Dallas being one.
"Having access to alerts, threat intelligence and lessons learned that are relevant to our organization is important, as it helps ensure that we will maximize our efforts in addressing cyber threats," said Aaron Miri, chief technology officer, Children’s Medical Center of Dallas, in a March 13 press statement. "Information protection is a priority for our organization, but we need to be as efficient as possible in doing so."
And the resource isn't just for 595-bed hospitals either, officials point out. Even health giants are signing on.
[See also: 'Ethical hacker' calls BYOD a nightmare.]
"Even with our size and level of our information security program's maturity, I recognize that participating in a functional information sharing and analysis organization, like HITRUST C3, is key to ensuring we have access to the latest and most accurate threat intelligence," said Roy Mellinger, vice president and chief information security officer, WellPoint, in a press statement.
According to a 2013 Ponemon Institute/HP study, cyberattacks cost healthcare organizations on average $5.44 million annually, up nearly $100,000 from 2011.
And, as Ponemon officials point out, cyberattacks are far from just some hypothetical event for which an organization should prepare. They are a reoccurring reality nowadays. Organizations were reported to have experienced an average of 122 successful attacks per week, with a total resolve time totaling 32 days.
An analysis of HITRUST security assessments performed over the last year indicates progress has been achieved in every information security control area across various segments and organizational sizes, officials point out, although the most progress with regard to cyber security appears to be in larger organizations with annual revenues over $6 billion.
"Collaboration is crucial to reducing cyber threats for the entire healthcare industry, including the government," said Kevin Charest, chief information security officer, HHS, in a press statement. "These briefings and alerts allow us to better disseminate valuable and critical information to healthcare organizations more effectively so they can better prepare and respond to cyber threats and events."
