Mock cyberattacks coming to healthcare
HHS unites with HITRUST for new industry-wide security exercise
As cyberattacks targeting healthcare organizations reach record heights, a new partnership initiative has set its sights on getting the industry's threat response on track and ready to go.
The U.S. Department of Health and Human Services has teamed up with HITRUST to launch CyberRX, an industry-wide effort to simulate cyberattacks on all types of healthcare entities, officials announced Monday.
The results will be used to evaluate industry response and threat preparedness against attacks and attempts to disrupt healthcare operations. The initiative will also gauge HHS' level of coordination and response time to industry events.
Officials say the simulated cyberattacks, slated to kick off in March, will target the information systems, medical devices and other technology sources owned and operated by providers, health plans, prescription benefit managers, pharmaceuticals, and HHS.
"We have been coordinating and collaborating with HITRUST to enhance the resources available to the healthcare industry," said Kevin Charest, HHS chief information security officer, in a Jan. 13 statement. "Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyberattacks. This exercise will generate valuable information we can use to improve our joint preparedness."
Twelve organizations will participate in the initiative, including Children's Medical Center Dallas, CVS Caremark, Express Scripts, Health Care Service Corp., Highmark, Humana, UnitedHealth Group and WellPoint.
After the two-day attack simulation, the findings will be analyzed and used to identify areas for industry improvement, and a subsequent exercise will take place in summer 2014.
WellPoint vice president and chief information security officer Roy Mellinger said the exercise represents a "crucial step" in preparing the industry for these types of attacks, which will only increase down the road. "It will allow organizations to evaluate and improve their processes and identify gaps in what is needed industry-wide and from government," he said in a statement.
According to a 2013 Ponemon Institute/HP study, cyberattacks cost healthcare organizations on average $5.44 million annually, up nearly $100,000 from 2011.
And, Ponemon officials point out, cyberattacks aren't just some hypothetical event for which an organization should prepare. They're a recurring reality nowadays. Organizations were reported to have experienced an average of 122 successful attacks per week, with resolution time totaling 32 days.
"The threat landscape continues to evolve as cyberattacks grow in sophistication, frequency and financial impact," said Frank Mong, vice president and general manager, solutions, enterprise security products at HP, in an Oct. 8 statement announcing study findings.