Current Cybersecurity Framework Insufficient Against Attacks

April 22, 2014 in News

Health care organizations could do more to prepare for and coordinate against unexpected cyberattacks, according to a new report on cybersecurity, Clinical Innovation and Technology reports (Pedulli, Clinical Innovation and Technology, 4/21).

Background on CyberRX Project

In January, HHS and the Health Information Trust Alliance announced a partnership on a cybersecurity initiative, called CyberRX, that will simulate cyberattacks on health care organizations and then evaluate how the industry responds to such threats.

The project involves participants from 12 health care organizations, including:

  • Children’s Medical Center in Dallas;
  • CVS Caremark;
  • Express Scripts;
  • Health Care Service;
  • Highmark;
  • Humana;
  • UnitedHealth Group; and
  • WellPoint (iHealthBeat, 1/13).

Jim Koenig — principal, global leader, commercial privacy, cybersecurity and incident response for health at Booz Allen Hamilton, which observed CyberRX — said the project aims to:

  • Build awareness of cyberattacks;
  • Explore how organizations react and stay operational in the face of complex risks;
  • Promote information sharing about the threats; and
  • Understand systematic risks to patients related to disruptions.

Results of CyberRX Simulation

The first cyberattack simulation occurred on April 1 (Clinical Innovation and Technology, 4/21).

The attack targeted:

  • HealthCare.gov;
  • Health information exchanges;
  • Health information systems; and
  • Medical devices.

Overall, the test found that organizations’ preparedness varied across multiple areas, including:

  • Ability to process threat intelligence;
  • The effect on business and clinical operations;
  • The effect on outside business partners; and
  • IT-related issues (Conn, Modern Healthcare, 4/21).

During a press conference, Koenig highlighted five main findings from the exercise:

  • Organizations that take part in cybersecurity exercises are more prepared for cyberattacks, regardless of their information security programs;
  • Preparedness against cyberattacks improves from increased data processing and coordination with other stakeholders;
  • Incident response coordination capabilities are crucial and should be increased;
  • Organizations desire more abilities to freely communicate and collaborate during cyberattacks; and
  • The generic national cybersecurity framework for crucial infrastructure is not adequate to support health care organizations against today’s cyber threat landscape (Clinical Innovation and Technology, 4/21).
Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://feedproxy.google.com/~r/Ihealthbeat/~3/pEZtc2hzktE/current-cybersecurity-framework-insufficient-against-attacks

Be Sociable, Share!
Bookmark and Share

Leave a reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>