Frisco, TX – February 9, 2015: To ensure the healthcare industry has access to timely and accurate information relating to the recent Anthem cybersecurity breach, the Health Information Trust Alliance (HITRUST) is implementing changes and additions to its Cyber Threat Intelligence and Incident Coordination Center (C3), a federal recognized Information Sharing and Analysis Organization (ISAO) and the most active in the healthcare industry.
The updates are as follows:
- Effective immediately a Basic Subscription to the HITRUST Cyber Threat XChange (CTX) will be free of charge* to allow online access to a comprehensive array of cyber threat intelligence and industry indictors of compromise (IOCs) including recently identified and future information associated with the Anthem breach. Organizations can sign up at the above link and accounts will be activated within 72 hours.
- Creation and distribution of educational material to aid healthcare industry organizations in communicating with customers, members and patients on their cyber threat readiness, preparedness and response activities, and to confirm they have not experienced the same cyber attack that affected Anthem.
- Communication of information around various scams and other nefarious activities, such as phishing campaigns, trying to capitalize on the recent industry cyber event.
- Dedicating time on the HITRUST Monthly Cyber Threat Briefings for an Anthem representative to share helpful information with industry organizations to support their cyber threat preparedness and response.
HITRUST’s goals for these new and updated activities is to eliminate the barriers to access to important cyber threat information; share cyber threat intelligence and other information that healthcare industry organizations can use to prepare for and prevent cyber related breaches; and communicate to customers, patients and members about measures being taken to prepare for cyber threats and attacks.
HITRUST has received an enormous number of requests for information on the Anthem cyber related breach including IOCs and response countermeasures, including many requests from organizations that have not previously been sharing IOCs with industry. HITRUST applauds Anthem for its timely disclosure of the IOCs in the midst of other internal cyber related priorities.
Much of the cyber threat information shared is provided by another healthcare organization. For cybersecurity threat information sharing to be effective, it is important for all organizations to be willing to sharing their IOCs and other indicators of suspicious activity – not just consume information from others – so that the entire industry can be better protected. Anthem has set an example for the industry to learn from with regards to information sharing and communication.
HITRUST also encourages organizations to leverage the HITRUST Common Security Framework (CSF) as well as participate in the CyberRX program and HITRUST Monthly Cyber Threat Briefings to better prepare and respond to cyber-related incidents.
Founded in 2007, the Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST – in collaboration with public and private healthcare technology, privacy and information security leaders – has championed programs instrumental in safeguarding health information systems and exchanges while ensuring consumer confidence in their use.
HITRUST programs include the establishment of a common risk and compliance management framework (CSF); an assessment and assurance methodology; educational and career development; advocacy and awareness; and a federally recognized cyber Information Sharing and Analysis Organization (ISAO) and supporting initiatives. Over 84 percent of hospitals and health plans, as well as many other healthcare organizations and business associates, use the CSF, making it the most widely adopted security framework in the industry.
For more information, visit www.HITRUSTalliance.net.
All product and company names herein may be trademarks of their respective owners.
*Offer only applies to qualified organizations, A qualified organization is any organization employing a function or activity involving the use or disclosure of individually identifiable health information, provided that said organization does not provide security products or services. Additionally, any federal, state, or local agency or department may qualify. HITRUST has the right to verify eligibility.