Latest news
HITRUST establishes incident response center for healthcare Industry
Posted on 27 April 2012.
In light of growing threats posed by cyber attacks targeted at healthcare organizations, the Health Information Trust Alliance (HITRUST) has established the HITRUST Cybersecurity Incident Response and Coordination Center to provide crucial support for the healthcare industry.
This support includes facilitating the early identification of cybersecurity attacks, coordination of response activities and creation of best practices. In addition, the center will make available cyber threat information to the broader industry.
The center was created to protect the U.S. healthcare industry from disruption by cyber attacks. With the timely alerting and sharing of relevant and actionable information on cybersecurity threats and events, the center will be in a position to manage a major industry concern, and move the industry forward by distributing timely information, including identification, corrective actions and lessons learned.
The group will focus on cybersecurity threats and events targeted at healthcare organizations in areas, including, but not limited to, networks, mobile devices, workstations, servers and medical devices. This sharing of information is crucial for organizations’ preparedness, protection and crisis management.
The center is working initially with 14 leading industry organizations, representing health plans and health systems, and the U.S. Department of Health and Human Services to share various incident information.
The center will collaborate with HITRUST and others to identify and remediate incidents, and will also obtain and synthesize cyber threat and response information from numerous other sources to make the information more readily available to center participants. HITRUST will also lead the center’s participants in evaluating appropriate tools and related security mechanisms to support the center’s efforts.
“The center represents a collaborative effort between industry leaders and government to ensure the industry as a whole is better prepared for cyber attacks,” said Daniel Nutkis, chief executive officer, HITRUST. “The commitment of these founding organizations to provide their time, experiences and resources in support of the broader industry is what will make it a success. The support of these organizations combined with the experience HITRUST has in developing and communicating information security concepts to organizations in various segments, of varying sizes and with varying levels of technical knowledge will be crucial in ensuring we arm the industry to respond more timely and aggressively to future cyber attacks.”
HITRUST’s experience during the past five years in supporting the healthcare industry’s efforts for information protection has shown it that the wide variety of types, sizes and competencies of organizations are not well suited to a one-size-fits-all approach.
Therefore, the center’s initial focus will be on early threat detection, alerting, remediation and notification to organizations capable of consuming more technical alerting information.
The center will also work with industry, service and solution providers to identify and implement a method to provide meaningful information to all types of organizations and technical competency levels within the entire industry. Once the method has been implemented the center will transition to a formal Information Sharing and Analysis Center (ISAC).
This support includes facilitating the early identification of cybersecurity attacks, coordination of response activities and creation of best practices. In addition, the center will make available cyber threat information to the broader industry.
The center was created to protect the U.S. healthcare industry from disruption by cyber attacks. With the timely alerting and sharing of relevant and actionable information on cybersecurity threats and events, the center will be in a position to manage a major industry concern, and move the industry forward by distributing timely information, including identification, corrective actions and lessons learned.
The group will focus on cybersecurity threats and events targeted at healthcare organizations in areas, including, but not limited to, networks, mobile devices, workstations, servers and medical devices. This sharing of information is crucial for organizations’ preparedness, protection and crisis management.
The center is working initially with 14 leading industry organizations, representing health plans and health systems, and the U.S. Department of Health and Human Services to share various incident information.
The center will collaborate with HITRUST and others to identify and remediate incidents, and will also obtain and synthesize cyber threat and response information from numerous other sources to make the information more readily available to center participants. HITRUST will also lead the center’s participants in evaluating appropriate tools and related security mechanisms to support the center’s efforts.
“The center represents a collaborative effort between industry leaders and government to ensure the industry as a whole is better prepared for cyber attacks,” said Daniel Nutkis, chief executive officer, HITRUST. “The commitment of these founding organizations to provide their time, experiences and resources in support of the broader industry is what will make it a success. The support of these organizations combined with the experience HITRUST has in developing and communicating information security concepts to organizations in various segments, of varying sizes and with varying levels of technical knowledge will be crucial in ensuring we arm the industry to respond more timely and aggressively to future cyber attacks.”
HITRUST’s experience during the past five years in supporting the healthcare industry’s efforts for information protection has shown it that the wide variety of types, sizes and competencies of organizations are not well suited to a one-size-fits-all approach.
Therefore, the center’s initial focus will be on early threat detection, alerting, remediation and notification to organizations capable of consuming more technical alerting information.
The center will also work with industry, service and solution providers to identify and implement a method to provide meaningful information to all types of organizations and technical competency levels within the entire industry. Once the method has been implemented the center will transition to a formal Information Sharing and Analysis Center (ISAC).
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
