Written by HITRUST Independent Security Journalist Sean Martin.

Since HITRUST and Trend Micro first started delivering (and writing about) the HITRUST CyberAid initiative back in the summer of 2016, a lot has happened. As was captured in a more recent post, some of the highlights over the past 5 months include:

• 40% of the practices affiliated with the organization that were initially assessed found active malware or spyware. However, all the threats that were discovered by the CyberAid solution were quickly remediated.
• Cybersecurity technology adoption has been much more convenient—allowing healthcare providers to continue focusing on patient care.
• Adoption across multiple practices provides a level of assurance that the industry is raising the bar on security throughout the healthcare ecosystem such that doctors and hospitals can step away from the day-to-day of IT security and truly focus on facilitating delivery of care.

A solution like this probably sounds like music to your ears. You may be wondering, however: What does the program look like? How does it work? And how can I be part of it?

To answer these questions, we spent some time with Ryan Delany, Global Solutions Marketing Manager at Trend Micro. Delany, who is responsible for the marketing of small business products from Trend Micro, walked us through the typical process of joining the program, getting things up and running, and handling the odd incident if and when one occurs.

What does the doctor’s office get with their CyberAid solution?

With this offering, small- to medium-sized doctors’ offices will find that CyberAid is comprised of the following combination of elements:

1. Trend Micro’s Worry-Free Business Security (link) for endpoint protection

1. Trend Micro’s Cloud Edge for integrated perimeter, email, and web protection

1. Trend Micro’s Worry-Free Business Services (link) for installation, management, and 24/7 monitoring

The combination of these elements provides the doctor’s practice with, as the name suggests, a worry-free information security program that covers everything from the mobile device to the desktop to the perimeter. Each layer of protection leverages Trend Micro’s Smart Protection Network, a cloud-based database that delivers proactive global threat intelligence against zero-hour threats to ensure that you are always protected.

How does the program work?

The current CyberAid solution is being piloted by Children’s Health in Texas. The following outlines the consolidated view of the onboarding process, the deployment process, and the management and monitoring processes for the 50 doctors’ offices that are already operating within the program. It is expected that this same model would be used for future implementations within Children’s and could also be used soon at other hospitals around the U.S.

STEP 1: Identify Program Participants 

The hospital currently identifies the doctors that they want to join the program based on the office’s connection to the hospital’s EPIC EHR system. To date, all the doctors’ offices that are participating volunteered to be part of the program once the hospital identified them as a candidate for the program.

STEP 2. Program Introduction 

Once the doctors’ office has been selected, the Trend Micro team are alerted to their joining the program. Upon alert, Trend Micro will set up a pre-call with the office to discuss the program and answer any questions the staff may have. Trend will also use this time to discuss the office environment and try to get an idea of what they have and where things are from a physical standpoint. At the close of the call, both parties schedule a time to proceed with the installation. While there is minimal impact on office operations during the installation, the two parties will focus on finding a day and time that will have the least impact possible. The office is also provided with some basic documentation to help them understand what will be installed for them.

STEP 3. Deploy the Solution 

On the date scheduled, Trend Micro will visit the doctor’s office to deploy the Cloud Edge appliance and the Worry-Free product on the Windows desktops, Mac desktops, and any desired mobile devices (iOS and Android) to be protected under the program. The Trend Micro team typically plans for 90 minutes to complete the deployment, but in reality, most do not take that long. The Cloud Edge appliance is configured and synced up to the cloud management infrastructure ahead of time; in most cases, it is a simple plug-in and test. The Worry-Free part of the installation typically takes the majority of the time allocated and the overall timing depends on the ease with which the team can remove other AV program(s) that were already on the desktops. After the installation is complete, the Trend Micro team will sit down with the doctor to answer any additional questions they may have now that the solution is in place.

STEP 4. Tune, Manage and Monitor 

Once deployed, the system is tuned, managed and monitored by Trend Micro, all from the cloud. If an interesting event occurs (such as ransomware being found in the environment), Trend Micro will reach out to the doctor to provide a recommendation. In most cases, the recommendations include what steps they need to take to remediate the issue. In the case of a ransomware infection that showed up in a user’s mailbox, for example, the user was advised to delete the message and empty the trash, as well as be aware of any message with unexpected attachments or URL links coming from an unknown sender. In addition, if they had any questions about a suspicious attachment or link, they are advised to call Trend Micro.

STEP 5. Stay Aware  

Once deployed and configured, the doctor really doesn’t need to do much on a day-to-day basis. This doesn’t mean that they shouldn’t be aware of what’s happening in their environment. Trend Micro recommends that the doctors look over weekly reports (see Figure 1) and keep following cybersecurity best practices such as maintaining good password policies and keeping the internal network isolated from the public network.

Figure 1

It’s time to take the 1st step

It doesn’t take much to get a Worry-Free solution for your doctor’s office. In fact, Trend Micro handles the bulk of the workload for you – up front, during and after. If you happen to be part of the Children’s Hospital network, it’s time to get started with your CyberAid program. If you are outside of the Children’s Hospital network, give HITRUST a call at 1-855-HITRUST or contact HITRUST at cyberaid@hitrustalliance.net to have your hospital’s network considered for inclusion in the next round of pilots.