HITRUST Analysis Deems Healthcare “Reactive” to Cybersecurity | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

HITRUST Analysis Deems Healthcare “Reactive” to Cybersecurity

March 6, 2015
by Gabriel Perna
| Reprints

The Health Information Trust Alliance (HITRUST), a Frisco, Texas-based industry group working to establish a common security framework (CSF), analyzed how healthcare organizations tackle data security against cyber threats and risks, and found most were reactionary in their approach.

HITRUST’s three-month review of cyber risk management strategies for the healthcare industry revealed what many have already come to know: When it comes to data security from hackers, healthcare organizations are ill prepared. This is not exactly a startling finding, with a major hack of health insurer Anthem having just happened one month ago. Another report, from Redspin Inc., a Carpinteria, Calif.-based health IT security consultant, found that more than half of the breaches of protected health information reported to the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) were the result of hacking, including the notable incident at Community Health System that affected 4.5 million patients. 

One element of this lack of preparation is the fact that most organizations aren’t able to understand the effectiveness of deployed information security products, especially in relation to emerging cyber threats. They also acknowledged they had minimal understanding of the impact of emerging cyber threats on their products and applications.

“Although we have made good progress in maturing our cyber risk management approach for industry, with significant improvements in information sharing, the real opportunity is to understand the emerging threats and model them against organization-specific defenses, configurations and applications,” Daniel Nutkis, chief executive officer, HITRUST, said in a statement.

HITRUST is rolling out a new strategy, a situational awareness and threat assessment tool, which will aim to help healthcare organizations increase visibility against emerging threats and how that could affect their current products. The organization partnered with NSS Labs, an Austin, Texas-based security research and advisory company, on the tool.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Advocate Aurora Health, Foxconn Plan Employee Wellness, “Smart City,” and Precision Medicine Collaboration

Wisconsin-based Advocate Aurora Health is partnering with Foxconn Health Technology Business Group, a Taiwanese company, to develop new technology-driven healthcare services and tools.

Healthcare Data Breach Costs Remain Highest at $408 Per Record

The cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year, as the healthcare industry also continues to incur the highest cost for data breaches compared to any other industry, according to a new study from IBM Security and the Ponemon Institute.

Morris Leaves ONC to Lead VA Office of Electronic Health Record Modernization

Genevieve Morris, who has been detailed to the U.S. Department of Veterans Affairs (VA) from her position as the principal deputy national coordinator for the Department of Health and Human Services, will move over full time to lead the newly establishment VA Office of Electronic Health Record Modernization.

Cedars-Sinai Accelerator Program Presents Fourth Class of Startups

The Cedars-Sinai Accelerator, a program that helps entrepreneurs bring their innovative technology products to market, has brought in nine more health tech startups as part of its fourth class.

DirectTrust Adds Five Board Members

DirectTrust, a nonprofit organization that support health information exchange, announced the appointment of five new executives to its board of directors.

Analysis: Many States Continue to Have Restrictive Telemedicine Policies

State Medicaid programs are evolving to accelerate the adoption of telemedicine models, this evolution is occurring more quickly in some states than others, according to a recent analysis by Manatt Health.