
HITRUST Releases New Guidance for Healthcare Organizations to Assess Cybersecurity Preparedness

April 10, 2013
by John DeGaspari
Rise in Cyber Threats Targeted at the Healthcare Industry Leads to Increased Industry Awareness

In response to heightened awareness and concerns about cyber threats, attacks and incidents, the Health Information Trust Alliance (HITRUST) announced today new guidance for healthcare organizations wanting to assess the state of their cybersecurity preparedness. The guidance identifies an appropriate subset of controls within the HITRUST Common Security Framework (CSF) that are most directly related to detecting and thwarting cyber-related breaches and allows organizations to assess against the cyber-specific controls and receive a snapshot of their cyber capabilities and readiness. 

“As predicted, HITRUST has seen a marked increase in the frequency and sophistication of cyber attacks targeted at healthcare organizations,” said Daniel Nutkis, chief executive officer, HITRUST. “What is raising concerns is the amount of personal health information misappropriated from health plans and providers that is for sale on the various hacker forums. As the sophistication and intensity of cyber attacks increases, HITRUST believes it is more critical than ever that healthcare organizations have the appropriate safeguards in place and a means by which to review their current level of preparedness.”

More than a year ago, HITRUST established the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3). The HITRUST C3 provides cyber threat intelligence and incident coordination specific to healthcare organizations and acts as a vehicle for sharing cyber threat information between healthcare organizations and the government. The signing of the White House Cybersecurity Executive Order in February 2013 has added to the awareness of and sensitivity to the risks associated with cyber threats and the escalating need for cybersecurity preparedness, according to HITRUST.

The HITRUST Cybersecurity Working Group was established to review the CSF and ensure the controls fully incorporate best practices consistent with the various risk factors related to cybersecurity for healthcare organizations. Given the increasing volume, sophistication and risks associated with cyber attacks perpetrated on healthcare organizations and increased awareness by legislators and regulators, HITRUST believes there is real value in providing additional guidance to organizations wanting to review their current level of preparedness, according to the group.

With this guidance, organizations not yet assessing themselves against all the CSF controls will be able to focus immediately on the specific set of CSF controls that are highly related to cybersecurity. They will then be well positioned to complete a full CSF assessment in the future.

The working group will meet at HITRUST’s annual conference in May 2013 to receive industry comments and finalize the guidance. HITRUST does not expect significant changes to the guidance and is releasing the guidance in its current state so that organizations are not delayed in assessing their cybersecurity preparedness.  The working group is also responsible for coordinating the submission of HITRUST’s recommendations to the National Institute of Standards and Technology (NIST) relating to the development of a national Cybersecurity Framework as outlined in the Executive Order. 

Organizations can download a white paper published by HITRUST that describes a basic risk management framework (RMF) and details the HITRUST RMF. 

The new cybersecurity guidance is available for review via HITRUST Central.
