HITRUST To Conduct Study on Health Care Industry Cyberthreats
April 8, 2015 in News
Background on Data Breaches
The announcement follows the disclosure of several major health data breaches in recent months (Rubenfire, Modern Healthcare, 4/6).
In February, Anthem announced that hackers had accessed a database containing the personal information of 78.8 million customers, former customers and employees across the U.S. (iHealthBeat, 2/25). On March 17, Premera — a health insurer based in Washington state — announced a massive cyberattack that occurred in May 2014 and might have exposed the personal information of more than 11 million individuals (iHealthBeat, 3/31).
Details of HITRUST Announcement
According to FierceHealthIT, the HITRUST study will seek to better understand the severity and reasons behind health data breaches.
In addition, the study will aim to identify specific cyberattack patterns.
HITRUST CEO Daniel Nutkis in the announcement said, “[W]e need more facts to better dissect threats and develop a corresponding strategy to address them. This research will provide valuable data to those charged with keeping health care information secure” (Dvorak, FierceHealthIT, 4/6).
The study itself, called HITRUST Cyber Discovery, will be conducted over a 90-day period and include more than 200 health plans and providers (Goedert, Health Data Management, 4/7).
Participants will be provided software and hardware from vendor Trend Micro to:
- Analyze malware and other threats;
- Identify advanced persistent threats; and
- Study cyberattacks against specific data, organizations and sectors.
Participants then will provide HITRUST with anonymized data for further analysis (Modern Healthcare, 4/6).
In addition, Trend Micro will provide participants with their own threat data and offer recommendations for forensic analysis.
HITRUST said that it plans to publish a report with initial findings and recommendations in September (Health Data Management, 4/7).