HITRUST Pilot Project Advances Cyber Threat Information Sharing | Healthcare Informatics Magazine

HITRUST Pilot Project Advances Cyber Threat Information Sharing

June 8, 2016
by Heather Landi

The Health Information Trust Alliance (HITRUST) announced that its latest industry pilot project to improve the collection and sharing of cyber threat information is helping organizations reduce their cyber risk.

Due to the successful pilot project, HITRUST, an organization focused on safeguarding health information systems and exchanges, also announced it is expanding the Enhanced IOC Collection program, and any organization meeting the criteria can request to participate. In addition, HITRUST will enable another 30 organizations in the Enhanced IOC Collection Pilot program, representing 15 health plans and 15 health systems. These organizations will be provided with Deep Discovery Technology from Trend Micro and associated installation, training, support, and integration with HITRUST Cyber Threat Xchange (CTX), a program to help healthcare organizations collect and share cyber threat information, the organization said.

Indicators of Compromise, or IOCs, are shared data objects that describe, with a high degree of confidence, that an intrusion may have taken place or that a threat actor is operating within a target environment, according to a HITRUST press release. An IOC includes not only hard factual data, but also context and metadata that help describe the threat so that it can be understood and processed.

In the press release, HITRUST stated that the results of the Enhanced IOC Collection Pilot indicate that healthcare organizations can dramatically improve the timeliness, completeness, usability and volume of IOCs contributed to the HITRUST CTX by implementing the enhanced criteria—defined in the November 2015 review of the HITRUST CTX entitled Health Industry Cyber Threat Information Sharing and Analysis Report.

The HITRUST CTX was created to significantly accelerate the detection and response to cyber threats targeted at the healthcare industry. HITRUST CTX automates the process of collecting and analyzing cyber threats and distributing indicators in electronically consumable formats that organizations of varying sizes and cyber security maturity can utilize to improve their cyber defenses, the organization said.

According to HITRUST, 100 percent of the Enhanced IOC Collection Pilot group members submitted IOCs during the 30-day period, compared to only a small percentage of organizations—5 percent—that previously contributed IOCs. Another way that the pilot project made a difference was that, during that same 30-day timeframe, 88 percent of the IOCs collected were unique—that is, not previously seen or identified by any open source, DHS CISCP, leading commercial feeds or otherwise provided to the HITRUST CTX. This increase in unknown, unique submissions means healthcare organizations can better prepare for and respond faster to new and emerging cyber threats, HITRUST stated.

The pilot also proved that threat information sharing shouldn’t be limited to only the largest organizations. HITRUST learned that the scalable sharing of IOCs is required throughout healthcare organizations of varying size, intelligence appetite, and security maturity, according to a HITRUST blog post.

The organization also asserts that given the recent rise in ransomware and other malware targeted at the healthcare industry, these pilot developments are significant as they ensure the collection and consumption of more relevant and timely IOCs that can be used by a much larger percentage of the healthcare industry.

“When cyber threat information is timely, consumable, actionable, and available to a much larger audience, it becomes a much more valuable resource in defending our environment and the entire healthcare eco-system against attacks,” Omar Khawaja, vice president and chief information security officer, Highmark Health, said in a statement.

The data from the Enhanced IOC Collection Pilot indicated that IOCs were reported to the HITRUST CTX on average 1.2 days before being seen or identified by any other open source, commercial, DHS CISCP, or user-contributed feeds to the HITRUST CTX. The data also indicated that IOCs were submitted to the HITRUST CTX in a matter of minutes, compared to an average of 7 weeks after detection for those submitted previously. In addition, many organizations were not effectively identifying IOCs at all.

And, data from the pilot project also indicated that 95 percent of the IOCs contributed to the HITRUST CTX had metadata (i.e. malicious IPs, URLs or domains) that made them actionable for use by others, defined as being useful in allowing preventative or defensive action to be taken without a significant risk of a false positive. Previously only 50 percent of the IOCs contributed to the HITRUST CTX were considered actionable.

HITRUST also announced a number of enhancements to the platform and service for its HITRUST CTX, such as the new CTX Threat Analysis Reporting Service, which provides a method for organizations without SIEM technology to gain access to IOCs relevant to their environment.

“Many years ago, HITRUST recognized that the approaches taken by other industries with regards to cyber information sharing were not fully transferable to the healthcare industry,” Daniel Nutkis, CEO, HITRUST, said in a statement. “The pilot advancements in these two areas show that the CTX continues to evolve, improve, and lead by innovating and ensuring IOC sharing is providing the most value to the broadest group of constituents to help the healthcare industry reduce overall cyber risk.”

