CyberRX 2.0 builds industry-wide resilience to protect the nation’s health operations
NEW YORK, Jan. 22, 2015: The Health Information Trust (HITRUST) Alliance and Deloitte, a leader in cyber risk services, will hold cyber preparedness, education and simulation events in major cities across the U.S. These cyber town hall sessions, part of the ongoing HITRUST CyberRX 2.0 program, will provide an opportunity for health care organizations to learn how to assess their ability to respond effectively to cyber threats and attacks, and understand what resources are available to improve collaboration and cyber intelligence sharing.
“As an organization that has participated in the CyberRX program, we have experienced overwhelming satisfaction, and there is no doubt of its value. The CyberRX Level I Playbook had the best-designed and well-thought-out exercises explicitly relevant to health care. We encourage all health care organizations to leverage the exercises and attend a town hall session,” said Michael Pinch, chief information security officer, University of Rochester Medical Center (URMC).
Technology trends, coupled with a historic pattern of underinvestment in security, have made the health care industry a more attractive target for cyber criminals aiming to commit fraud or identity theft. “Data privacy remains an essential, bottom-line concern, and we must also have our eyes open to potentially greater risks,” said Ed Powers, national managing principal, Deloitte Cyber Risk Services, Deloitte & Touche LLP. “Attacks aimed at wiping out central data stores, manipulating medical devices and building controls, or tampering with drug inventory could rapidly threaten the lives of millions of people — and become a national security issue.”
The “CyberRX 2.0 Cyber Town Hall” events are structured to aid health care organizations in better cyber threat awareness and response, and to prepare those organizations participating in the CyberRX exercise. In addition to presentations on various cyber-related topics, the sessions will include mock simulations. Those potentially benefitting from attendance include business and technical leaders, as well as finance, risk, operations, human resources, and information technology executives.
To date, more than 1,000 organizations have participated in CyberRX. Launched in April 2014 in coordination with the U.S. Department of Health and Human Services (HHS), the program offers a series of industry-wide exercises that help organizations of varying cyber sophistication evolve their preparedness through a three-tier program. The underlying mission is to mobilize health care organizations and strengthen industry response against cyber attacks intended to disrupt the nation’s healthcare operations. The exercises include scenarios targeting information systems, medical devices and other essential technology resources of government and health care organizations.
In addition to the events being coordinated with Deloitte, HITRUST will coordinate complimentary CyberRX 2.0 Town Hall events through June 2015. Town halls are planned for locations across the U.S., including Atlanta, Boston, Chicago, Dallas, Denver, Houston, Los Angeles, Miami, Minneapolis, New York, Philadelphia, San Francisco, and the District of Columbia.
“Given the increase in cyber-attacks perpetrated against the health care industry and the clear evidence that cyber preparedness exercises improve an organization’s ability to respond, the CyberRX Town Hall events will be a great resource for the industry,” said Daniel Nutkis, founder and CEO, HITRUST. “We are pleased Deloitte has agreed to actively engage in the CyberRX program. Deloitte’s understanding of the cyber threat landscape, engagement with the business challenges of the health care industry, and leadership in cyber war gaming makes it a great resource to help the industry.”
Health care organizations interested in learning more about the CyberRX 2.0 program or participating in a town hall session can visit the CyberRX Town Hall Events page.
About Deloitte Cyber Risk Services
Deloitte’s Cyber Risk Services help complex organizations more confidently leverage advanced technologies to achieve their strategic growth, innovation and performance objectives through proactive management of the associated cyber risks. With deep experience across a broad range of industries, Deloitte’s more than 1,600 practitioners provide advisory and implementation services, spanning executive and technical functions, to help transform legacy IT security programs into proactive, secure, vigilant and resilient cyber risk programs that better align security investments with risk priorities, establish improved threat awareness and visibility, and strengthen the ability of organizations to thrive in the face of cyber incidents.
About HITRUST
Founded in 2007, the Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST — in collaboration with public and private healthcare technology, privacy and information security leaders — has championed programs instrumental in safeguarding health information systems and exchanges while ensuring consumer confidence in their use.
HITRUST programs include the establishment of a common risk and compliance management framework (CSF); an assessment and assurance methodology; educational and career development; advocacy and awareness; and a federally recognized cyber Information Sharing and Analysis Organization (ISAO) and supporting initiatives. Over 84 percent of hospitals and health plans, as well as many other healthcare organizations and business associates, use the CSF, making it the most widely adopted security framework in the industry. For more information, visit www.HITRUSTalliance.net.
As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.