HITRUST Expands Offerings to Aid Healthcare Industry in Cyber Awareness, Preparedness and Response

  HITRUST Expands Offerings to Aid Healthcare Industry in Cyber Awareness,
  Preparedness and Response

             Cyber Center to Include New Content and Capabilities

Business Wire

FRISCO, Texas -- November 19, 2013

The Health Information Trust Alliance (HITRUST) is announcing today new and
enhanced offerings to the HITRUST Cyber Threat Intelligence and Incident
Coordination Center (C^3) aimed at moving the healthcare industry forward with
regards to preparing for and responding to cybersecurity threats and attacks.

Recognizing the growing threats posed by cyber attacks targeted at healthcare
organizations, HITRUST almost two years ago established a fully functional
cyber threat intelligence and response capability to protect the U.S.
healthcare industry from disruption by these attacks. The HITRUST C^3 is the
single best source of intelligence on threats targeted at healthcare
organizations and medical devices, providing actionable information for
strategic planning and tactical preparedness, and coordinated response for
both large and small organizations. The center facilitates critical
intelligence sharing through integration with the Department of Homeland
Security and U.S. Department of Health and Human Services.

“As interest in the HITRUST C^3 has grown, HITRUST has realized that the
center must be able to support the varying levels of maturity and
sophistication of the participating organizations in need of threat
intelligence and response coordination,” said Daniel Nutkis, chief executive
officer, HITRUST. “When it comes to cyber awareness and preparedness there is
not a one-size-fits-all solution. The significant updates being made to the
HITRUST C^3 are aimed at the needs of the entire industry.”

Supported by a new partnership between HITRUST and Booz Allen Hamilton, the
HITRUST C^3 will offer expanded and enhanced services in three key areas for
improving cyber threat intelligence in the healthcare industry. First,
subscribers will now have access to more frequent anticipatory threat
intelligence through daily alerts and warnings of future attacks that may
threaten a healthcare organization. The probability-based warnings of future
cyber attacks make it possible for an organization to anticipate an attack,
understand the chances of an attacker’s success and take proactive action as
needed. Second, community situation awareness is being improved with daily
intelligence summary products that highlight key threats, incidents and trends
of global threat actors. These daily threat intelligence services will improve
an organization’s ability to address risks and questions regarding global
threats. Finally, an increased level of customization is being offered to
subscribers with the alerting and warning service tailored to the specific
risks and threats for each subscriber, ensuring that the resulting threat
intelligence is actionable and relevant to their organization.

Recent experience shows that cyber attacks are evolving more quickly than
organizations can mount effective defenses, leading to increased risk in the
healthcare sector. An effective security posture requires anticipatory and
predictive intelligence as well as passive listening so that an organization
can get ahead of these threats, assess risks and take appropriate defensive
actions – before an attack actually occurs or in the event of a breach to
expedite analysis. In addition, the information disseminated needs to be
consumable based on the level of organizational maturity and information
security sophistication and not only size or revenue.

“With other offerings focused primarily on operational-level information and
not industry specific, we believe the HITRUST C^3 is the only service that
takes into account the critical need in the healthcare industry for both
technical and management intelligence reporting and education,” said Roy
Mellinger, chief information security officer, WellPoint.

An increasingly critical area in need of additional protections is the
unauthorized access to medical devices and electronic health records, and the
need for better security and controls incorporated into these systems. While
evolving regulations and vendor actions are beginning to address cybersecurity
issues, much work remains to understand and remediate cybersecurity
vulnerabilities in networked medical devices and complex electronic health
record systems.

The HITRUST C^3’s unique ability to characterize both the complex targeted
systems and the capabilities and motivations of potential threat actors
provides an unprecedented capability to identify threats as they emerge and
before an attack. This capability includes being able to track a threat’s
actions against health information systems and devices using automated
collection and analysis tools, in addition to existing cyber intelligence
gathering. The new and enhanced offerings available through the HITRUST C^3
will address cyber threats being planned against these systems and potential
targeted organizations, as well as other critical needs facing the healthcare

“Medical devices introduce cyber risk; thus, with thousands of devices
residing in an average hospital, the knowledge on what devices are being
targeted and how is crucial in managing that risk,” said Michael Pinch, chief
information security officer, University of Rochester Medical Center.

The monthly threat briefings offered through the HITRUST C^3 are also being
enhanced to allow participants to garner greater and more actionable knowledge
on recent and prospective cyber threats and events. Participants may use the
briefings to interact with HITRUST C^3 analysts to better understand the
information being presented, shared and discussed. To help familiarize
organizations with the concepts and resources available through the HITRUST
C^3 and better aid the industry in the use of cyber threat intelligence,
HITRUST is offering complimentary access to the December Threat Briefing to
any qualified healthcare organization. To request access to the December 13
Threat Briefing, please visit http://tinyurl.com/k87zj2q.

Subscribers to the HITRUST C^3 have options for real-time alerting and daily,
weekly and monthly products and services. A basic subscription level has been
added to the HITRUST C^3 to ensure the service is supporting the needs of the
entire healthcare industry without a significant cost barrier.

For additional information on the items discussed in this release, please use
the following resources:

  *HITRUST C^3 - Visit HITRUSTAlliance.net/c3.
  *December Monthly Threat Briefing – to participate, please visit


The Health Information Trust Alliance (HITRUST) was born out of the belief
that information protection should be a core pillar of, rather than an
obstacle to, the broad adoption of health information systems and exchanges.
HITRUST, in collaboration with healthcare, business, technology and
information security leaders, has established the CSF, a certifiable framework
that can be used by any and all organizations that create, access, store or
exchange personal health and financial information. Beyond the establishment
of the CSF, HITRUST is also driving the adoption of and widespread confidence
in the framework and sound risk management practices through awareness,
education, advocacy and other outreach activities. For more information, visit

All product and company names herein may be trademarks of their respective


Mary Hall, 972-330-4919
Press spacebar to pause and continue. Press esc to stop.