HITRUST recently announced that it is undertaking the first empirical and comprehensive study, called HITRUST Cyber Discovery, to analyze the methods, severity and pervasiveness of cyber threats targeting a variety of healthcare organizations. The study will enable a better understanding of the actual magnitude, complexity, relations of cyberattacks, commonalities of target organizations and data, and degree of cyber threats persisting within organizations. The goal is to accurately identify attack patterns and persistence, as well as the magnitude and sophistication of specific threats across healthcare enterprises.

We have received a number of questions about why “our” organization should directly participate and not just wait for the findings to be published. We believe there are significant benefits that organizations will derive from participating in the study.

  • Access to best-in-class and state-of-the-art cyber threat detection technology* to identify cyber threats, attacks and events for the duration of the study, or approximately 90 days.
  • Access to highly skilled resources to help you understand more about cyber-attacks and incidents.
  • Better understanding of cyber forensics and use of analytical tools as part of an organizations’ cyber risk management program.
  • Detailed analysis and understanding of cyber threats and events directly affecting your organization.
  • Ability to benchmark your organization’s cyber threat activity compared with other organizations across the industry.

Many organizations do not have the resources to invest or coordinate this type of activity making this opportunity even more valuable and beneficial.

We have also received inquiries about what happens if the analysis discovers a previously undetected cyber threat in their environment. There is always the possibility that the analysis will uncover a previously undetected cyber-threat. The organization, not HITRUST, will determine what course of action they will undertake. It is widely agreed that knowing sooner, rather than later, about cyber-related events allows organizations to remediate faster and minimize the severity of the incident.

We hope your organization will seek to participate in the study. There is no cost to organizations that are selected for participation. Organizations interested in participating in the HITRUST Cyber Discovery Study can get more information or indicate interest at the above link until May 10, 2015.


* – Trend Micro Deep Discovery Earns Top Breach Detection Score in NSS Labs Testing.