Is Healthcare Sector Ready for Cyber Threats?

April 21, 2014
On April 1, a cross-section of healthcare industry information security executives took part in the first full-day interactive simulation of an industry-wide cyber threat. During the CyberRX simulation, companies displayed a wide range in terms of organizational preparedness for processing threat intelligence and communicating and engaging with other stakeholders.

On April 1, a cross-section of healthcare industry information security executives took part in the first full-day interactive simulation of an industry-wide cyber threat. During the CyberRX simulation, put on by the nonprofit Health Information Trust Alliance (HITRUST) in coordination with the U.S. Dept. of Health and Human Services, companies displayed a wide range in terms of organizational preparedness for processing threat intelligence and communicating and engaging with other stakeholders, internally and externally, noted Jim Koenig, principal, Global Leader, Commercial Privacy, Cybersecurity and Incident Response for Health at consulting firm Booz Allen Hamilton.

Participants in the CyberRX exercise included athenahealth, Children’s Medical Center of Dallas, Cooper Health, CVS Caremark, Express Scripts, Health Care Services Corp, Highmark, Humana, United Health Group, the U.S. Department of Health and Human Services and WellPoint.

Here are the four exercises the participants worked through:

• A major news network has just reported a posting of a large file of usernames and plain text passwords represented to be participants across the U.S. healthcare system. The report sensationally states that the file contains usernames and passwords for patients, doctors, and nurses across the industry. The conclusion of the expert is that Healthcare.gov has been compromised as have offices, hospitals, and major insurance companies. These reports are widely repeated and amplified across major news networks.

A blogger reports customer data for three major health plan providers’ networks have been infiltrated for months and they have full access to customer data.

• During a drug raid in California, the FBI discovers a large quantity of forged doctor prescription pads and the information gets leaked to the public.

Local news reports a doctor in California is being interrogated on suspicion of altering radiology readings.

Koenig said the exercise helps enhance awareness of cyber threats to the healthcare services industry, and helps providers understand risk to the healthcare system and patients due to disruptions. A goal is to promote information sharing about cyber threats and vulnerabilities among healthcare organizations and government.

“The growing adoption and widespread use of mobile devices in healthcare increases the exposure to potential attacks,” Koenig said. An exercise such as this allows chief information security officers to think about interconnectedness and the choreography of a joint response between the industry and government.

Although they all face the potential chill from legal restrictions, participants suggested that greater industry-wide collaboration is needed and that HITRUST’s Cyber Threat Intelligence and Incident Coordination Center should be enhanced to better support broader and more effective collaboration.

Kevin Charest, chief information security officer for HHS, said the exercise demonstrated how challenging information sharing can be, but said his organization found it very worthwhile and that HHS would continue to participate.  “We are all together in this fight.”

The next CyberRX exercise is scheduled for Summer 2014.

Sponsored Recommendations

Improving Workplace Safety and Patient Care in Behavioral Health

In 2023, Vail Health enhanced safety in their behavioral health clinic, but the impact went beyond their expectations. Read their case study to see how prioritizing workplace ...

Transforming Hospital Capacity Through Smarter Patient Progression Strategies

Helping patients move seamlessly through every stage of their care, from admission to discharge, is critical to ensuring patient safety, improving outcomes, and optimizing capacity...

Beyond the AI Buzz: How Clinicians Can Leverage AI for Value-Based Success

Watch on-demand to explore the impact of implementing AI in primary care settings to reduce burnout and thrive in value-based care. Including practical takeaways on driving clinician...

Building the Connected Hospital: Bridging Operational Gaps Through Technology

Join industry leaders to explore how advanced technologies like RFID, AI, EMR, and ERP systems are transforming hospitals into connected ecosystems that enhance efficiency, streamline...