
HITRUST Releases New Guidance for Healthcare Organizations to Assess Cybersecurity Preparedness

April 10, 2013
by John DeGaspari
Rise in Cyber Threats Targeted at the Healthcare Industry Leads to Increased Industry Awareness

In response to heightened awareness and concerns about cyber threats, attacks and incidents, the Health Information Trust Alliance (HITRUST) announced today new guidance for healthcare organizations wanting to assess the state of their cybersecurity preparedness. The guidance identifies an appropriate subset of controls within the HITRUST Common Security Framework (CSF) that are most directly related to detecting and thwarting cyber-related breaches and allows organizations to assess against the cyber-specific controls and receive a snapshot of their cyber capabilities and readiness. 

“As predicted, HITRUST has seen a marked increase in the frequency and sophistication of cyber attacks targeted at healthcare organizations,” said Daniel Nutkis, chief executive officer, HITRUST. “What is raising concerns is the amount of personal health information misappropriated from health plans and providers that is for sale on the various hacker forums. As the sophistication and intensity of cyber attacks increase, HITRUST believes it is more critical than ever that healthcare organizations have the appropriate safeguards in place and a means by which to review their current level of preparedness.”

More than a year ago, HITRUST established the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3). The HITRUST C3 provides cyber threat intelligence and incident coordination specific to healthcare organizations and acts as a vehicle for sharing cyber threat information between healthcare organizations and the government. The signing of the White House Cybersecurity Executive Order in February 2013 has added to the awareness and sensitivity of the risks associated with cyber threats and the escalating need for cybersecurity preparedness, according to HITRUST.

The HITRUST Cybersecurity Working Group was established to review the CSF and ensure the controls fully incorporate best practices consistent with the various risk factors related to cybersecurity for healthcare organizations. Given the increasing volume, sophistication and risks associated with cyber attacks perpetrated on healthcare organizations and increased awareness by legislators and regulators, HITRUST believes there is real value in providing additional guidance to organizations wanting to review their current level of preparedness, according to the group.

With this guidance, organizations not yet assessing themselves against all the CSF controls will be able to focus immediately on the specific set of CSF controls that are highly related to cybersecurity. They will then be well positioned to complete a full CSF assessment in the future.

The working group will meet at HITRUST’s annual conference in May 2013 to receive industry comments and finalize the guidance. HITRUST does not expect significant changes to the guidance and is releasing the guidance in its current state so that organizations are not delayed in assessing their cybersecurity preparedness. The working group is also responsible for coordinating the submission of HITRUST’s recommendations to the National Institute of Standards and Technology (NIST) relating to the development of a national Cybersecurity Framework as outlined in the Executive Order.

Organizations can download a white paper published by HITRUST that describes a basic risk management framework (RMF) and details the HITRUST RMF. 

The new cybersecurity guidance is available for review via HITRUST Central.
