HITRUST Offers Automated Early Warning on Cyber Threats

With the number of cyber attacks targeting healthcare industry organizations increasing, the Health Information Trust Alliance (HITRUST) has rolled out a Cyber Threat XChange (CTX) to automate the process of collecting and analyzing cyber threats and distributing actionable indicators in electronically consumable format that organizations can use to improve their cyber defenses. HITRUST said the CTX would act as an advanced early warning system as cyber threats such as the recent Bash bug are perpetrated on the industry.

Initial participating organizations include: Express Scripts; FireHost; Health Care Services Corp.; Highmark Health, Humana; Seattle Children’s Medical Center; UnitedHealth Group; University of Rochester Medical Center; and WellPoint.

Access to an automated service will provide early detection and faster analysis by the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) and allow organizations to mitigate cyber threats quicker and more effectively, according to the nonprofit HITRUST, which is based in Frisco, Texas.

The service will use the Structured Threat Information Expression (STIX), Trusted Automated eXchange of Indicator Information (TAXII) and Cyber Observable eXpression (CybOx) standards for transmission of information.

“The biggest challenge we face is not knowing how to prioritize and act upon the growing list of cyber threats — especially in healthcare organizations who are being increasingly targeted yet who are often limited by smaller staffs or resources, and burdened with threat analysis and incident response,” said Cris Ewell, chief information security officer for Seattle Children’s Hospital, in a prepared statement.