With the healthcare industry under constant cyberattack, organizations need to do more to protect themselves, and understanding cyberattack methods and techniques is an important step toward enhancing defenses. HITRUST and Trend Micro have announced HITRUST Cyber Threat XChange (CTX) Deceptive, a deception-based threat detection collaboration platform that deploys honeypots across the healthcare ecosystem. With this announcement, the two organizations have launched the second phase of the recently enhanced HITRUST Cyber Threat Management and Response Center. You can view the official press release here.
HITRUST CTX Deceptive deploys decoys that work together to deceive attackers and gain knowledge of their methods, processes, tactics and targets of interest. These decoys, or honeypots, are computer systems designed to attract and monitor attackers and are typically deployed as stand-alone systems within individual organizations. HITRUST has taken the concept to the next level by designing a deception environment that spans many healthcare organizations via the HITRUST CTX threat sharing infrastructure. HITRUST has also deployed decoys of commonly used systems including leading EHRs, medical devices and other healthcare-specific systems. HITRUST facilitates the 24/7 monitoring of the activity.
This is the first time that multiple organizations have come together to undertake such a sophisticated and aggressive approach to cyber deception. By working together and sharing the different types of traps and decoys, as well as intelligence gathered related to specific threat actors, systems or medical devices, cyber defenders now have insight beyond basic IOC information.
HITRUST CTX Deceptive is able to identify trends – providing insight into how threat actors are infiltrating and exploiting networks, applications and systems while capturing complete malicious activity, IP addresses and domains. Attack behaviors and possible attack paths can be anticipated using advanced tactical intelligence, and indicators of compromise (IOC) data and alerts on threats to specific applications and medical systems can be shared with organizations to prevent an attack and reduce the risk of breach or compromise.
Trend Micro’s experience with honeypots allows them to understand the results of malicious activity within the HITRUST CTX and provide an advanced level of protection. With enhanced visibility into the network, early detection of attacks in the decoy environment can improve the industry’s time-to-respond with third-party integrations to isolate and block attacks.
HITRUST has been innovating IOC collection and sharing for many years and HITRUST CTX Deceptive represents a key missing piece within the current IOC collection approach. This development builds on HITRUST’s commitment and partnership with industry and government to build trust and collectively improve the industry’s cyber defenses and resilience.
HITRUST CTX Deceptive is the next phase in the HITRUST vision to deliver capabilities that address real-world issues facing CISOs like cyber threat management, defense and response. Similar to other HITRUST CTX programs, it is based on an organization’s cyber maturity level and subsequent ability to defend against the increasing volume and sophistication of cyber threats. HITRUST CTX Deceptive builds on the existing HITRUST Enhanced IOC Collection Program, which has already demonstrated significant, measurable and tangible improvements in quality, timeliness and accuracy of IOCs.
HITRUST CTX Deceptive is deployed and operational at organizations in the healthcare industry. HITRUST is announcing the program in order to solicit participants, as part of the HITRUST Cyber Threat Management and Response Center, but will not publicly disclose any information about the participating organizations or the target systems for which decoys have been developed or will be developed in the future. HITRUST continues to offer basic access to the HITRUST CTX and the new HITRUST Cyber Threat Management and Response Center at no cost.
In addition to the Cyber Threat Management and Response Center, HITRUST supports organizations’ cyber preparedness and response through the HITRUST CSF, which incorporates the NIST Cybersecurity Framework and is the basis for the HPH Sector implementation for the NIST Cybersecurity Framework. The HITRUST CSF Assessment also reports in the NIST Cybersecurity control categories.