HITRUST announced today the launch of a Community Extension Program that will provide healthcare organizations of all types and sizes an opportunity to engage with local peers to discuss the challenges, best practices and lessons learned in effectively implementing a risk management program and improving cybersecurity practices by leveraging the HITRUST CSF, HITRUST cyber threat sharing and response, and other HITRUST programs.

With the persistence of cyber related threats, healthcare organizations of all sizes are striving not just to enhance and improve their information risk management, regulatory compliance and cyber resilience programs – but do so in an efficient and effective manner. For many organizations, the HITRUST CSF, CSF Assessment and cyber threat sharing and response programs are fundamental tools to achieving their goals.

HITRUST’s experience has shown that education and knowledge transfer play a fundamental role in simplifying the process, shortening the time in adopting its programs and maximizing their value. In addition, many benefits are gained in collaborating with peers to share lessons learned, discuss best practices and establish relationships that support ongoing knowledge transfer and collaboration as it relates to implementing the HITRUST CSF or addressing the latest cyber threats.

As part of our commitment to support and engage with organizations to help them adopt and leverage the various HITRUST resources, the Community Extension Program will promote education and collaboration in communities across the U.S.  The program is no cost to attendees and will feature town hall events in 50 cities with more added based on demand over the next 12 months.

Because the HITRUST CSF, CSF Assessment and cyber threat sharing and response programs are so widely adopted and are key components of many organization and third-party vendor strategies, this program will aid in streamlining adoption and promoting greater collaboration between organizations across the country. In addition, the growing number of CSF Assessors, currently over 65, will be leveraged as resources across the country and will enable more ongoing community collaboration.

These town hall events will be coordinated by HITRUST, hosted by organizations within the community and facilitated by HITRUST CSF Assessors. Some of the topics that will be covered include:

  • Structuring and implementing an information risk management program
  • Considerations in implementing the HITRUST CSF
  • Leveraging the HITRUST CSF to implement the NIST Cybersecurity Framework
  • Considerations regarding a HITRUST CSF Assessment and reporting options
  • Leveraging the HITRUST Cyber Threat Catalogue
  • Implementing a third-party assurance program and effective vendor risk management
  • How to align information risk management and cyber insurance programs
  • Engaging in cyber information sharing and how it supports cyber threat management regardless of size or cyber maturity

These sessions will be held initially in 50 communities across the U.S. and will expanded or duplicated over the coming year based on demand, the first six being:

  1. Boston, MA – hosted by Tufts Medical Center, facilitated by PwC
  2. Cleveland, OH – hosted by Cleveland Clinic, facilitated by Beyond LLC
  3. Dallas, TX – hosted by Blue Cross Blue Shield of Texas (HCSC), facilitated by Deloitte
  4. Denver, CO – hosted by Centura Health, facilitated by Coalfire
  5. Houston, TX – hosted by Texas Children’s Hospital, facilitated by Deloitte
  6. Seattle, WA – hosted by Microsoft, facilitated by Coalfire

Click here for more information on the dates, locations, agenda and registration requirements.

We are very excited to be launching this new program and furthering our engagement with the healthcare community.  This program provides significant value by allowing organizations to come together to share valuable information surrounding HITRUST programs, and it provides an opportunity to engage with, and learn from, other organizations about how they approach challenges related to managing risk and controlling compliance costs while effectively implementing a strong security posture and defending against cyber threats.