CyberRX is a series of no cost, industry-wide exercises coordinated by HITRUST in conjunction with the Department of Health and Human Services, with the mission to mobilize healthcare organizations and explore innovative ways of improving preparedness and response against cyber attacks intended to disrupt the nation’s healthcare operations. The exercises include scenarios targeting information systems, medical devices and other essential technology resources of government and healthcare organizations.

Driven by lessons learned and recommendations from the Spring 2014 event, the expanded CyberRX 2.0 program features progressive local-, regional- and national-level exercises that will allow more participants at all levels of maturity to join based on their type of organization, size and experience with cyber prevention and simulations:

  • Level I – Local (Basic), Oct. 2014 – Feb. 2016: This level offers “table-top” simulations that can be administered by an organization to evaluate their cyber threat readiness and response primarily focused on internal processes.
  • Level II – Regional (Mature), Feb. 2016 – Dec. 2016 This level offers qualified (prerequisite of a Level I certificate) participants a regional exercise that is more sophisticated and the opportunity to build collaboration between multiple organizations simultaneously.
  • Level III – National (Leading), TBD: This level offers qualified participants (prerequisite of a Level II certificate) a comprehensive simulation to evaluate internal and external cyber threat readiness, response and crisis management.

It is anticipated that approximately 50 organizations will be selected to participate in Level III exercises. Organizations seeking to progress to the next Level of participation must obtain a certification of completion from the prior Level. HITRUST will designate CyberRX observers, a list that currently includes all HITRUST CSF Assessor organizations. Organizations, directly participating or not, will also benefit from the CyberRX Exercise Playbook, a set of best practices developed in coordination with the CyberRX steering committee, HITRUST and HHS. The CyberRX 2.0 Exercise Playbook with Level I scenarios is now available.

The exercises examine both broad and segment-specific scenarios targeting information systems, medical devices and other essential technology resources of the healthcare industry. CyberRX findings are analyzed and used to identify areas for improvement in the coordination of the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3); with security and incident response programs; and in information sharing between healthcare organizations, HITRUST and government agencies.

If you would like to sign up to be kept apprised as new and additional information relating to the CyberRX 2.0 program is made available, please register below. Each participating individual will need to register rather than a representative for each organization so HITRUST can ensure that all interested parties are receiving the appropriate communications.

* These fields are required.