No organization is safe from a cyber attack. But healthcare organizations are an especially prime target for hackers, as they store valuable data like electronic health records (EHR) and electronic protected health information (ePHI). In fact, nearly 90 percent of healthcare organizations represented in The Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data had experienced a data breach in the past two years, and 45 percent had more than five data breaches in the same time period. (Ponemon Institute, May 2016)
Recognizing the importance of improving the resilience of organizations to cyber attacks, the Health Information Trust Alliance (HITRUST) recently announced its plan to launch a Community Extension Program, according to an article from HealthIT Security.
The program is designed to help healthcare organizations discuss challenges, best practices and lessons learned in healthcare risk management programs by leveraging the HITRUST Common Security Framework (CSF) – the most-widely adopted security framework in the U.S. healthcare industry – and other HITRUST programs.
Collaboration among healthcare organizations is important, as attacks are often industry-specific and come in waves. When one healthcare organization faces a breach, it’s likely that others will soon, or already have.
Sharing information among industry organizations helps everyone better fortify their cybersecurity defenses. Through HITRUST’s Community Extension Program, companies will have the opportunity to collaborate on risk management programs through town hall style events. These events will be hosted in cities throughout the country.
For ongoing collaboration, we also suggest investing in threat intelligence feeds, third-party streams of information about indicators of compromise, DNS names and file names of attacks that are happening. These feeds allow companies to recognize and act on indicators of attack scenarios in a timely manner.
More information about the new HITRUST program, check out the article in HealthIT Security here. And for more tips on how healthcare organizations can improve their cybersecurity and risk management, read our blog, Cybersecurity in Healthcare.