Simulated Cyber Attacks: The Fire Drill Healthcare Needs

January 14, 2014

Fire drills are a part of life: annoying, disruptive, but ultimately necessary.

Everyone probably remembers the fire drills they had in elementary school. Line up, walk in a straight line, go outside, and do not horse around. Teachers counting kids hurriedly like pit crew members working on a first place car in the Indy 500. Fire trucks pulling up, giving kids something to stare at in wonderment for a few minutes.

Fire drills, I learned in the past few years, do not disappear when you get old. They happen in high school, college, and yes, the workplace. If you work in New York City like me, you still have to deal with fire safety drills. I’m not sure if that’s the case elsewhere in the country, but in this city, there are stringent emergency action plans with which every building must comply. Every few months or weeks, loud noises sharply cut into our office and let us know that we have to go into the hall for a drill.

Through the most unfortunate of circumstances, we’ve seen over the years that preparation for this kind of event is a good thing, even if preparing for it cuts into important work. That’s why I was pleasantly surprised to see the folks at HITRUST, the Frisco, Texas-based industry group working to establish a common security framework (CSF) for the healthcare industry, announce this week that it is going to lead an industry-wide effort to conduct exercises to simulate cyber attacks on healthcare organizations. The effort will be called CyberRX.

CyberRX, HITRUST says, will include providers, health plans, prescription benefit managers, pharmacies and pharmaceutical manufacturers, and the U.S. Department of Health and Human Services (HHS). The exercises will examine both broad and segment-specific scenarios in which hackers target information systems and other essential technologies in a healthcare environment. The simulated data breaches will happen in March, and findings will be summarized in a report at a HITRUST event in April of this year.

Kevin Charest, chief information security officer, U.S. Department of Health and Human Services, stated about the fire drill: "Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyber attacks. This exercise will generate valuable information we can use to improve our joint preparedness."

I’ve heard of leading organizations doing this sort of thing, and certainly simulations aren’t a new concept in healthcare. In fact, our own managing editor, John DeGaspari, recently spoke with Alan Brill, the senior managing director at Kroll, a New York-based risk mitigation and response firm, about the seven cyber security trends for 2014. Included in that list was a tidbit about the importance of simulating data breaches.


Comments

Proactive vs. Reactive

Thanks for the post Gabriel. How significant is this drill in terms of being proactive vs. reactive to cyber threats? Huge.

Healthcare has always had a reputation of being extremely reactionary to market conditions, so this is a good sign that the drill is a readiness test. I am very interested to see the results; it's a shame they won't be ready for the 2014 HIMSS conference!

Thanks and completely agree, interested to see how these organizations fare!