The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
The healthcare industry is gearing up for a cyberattack campaign that promises to test companies’ ability to guard against data breach threats. The campaign will be launched by an unlikely source: the U.S. Department of Health and Human Services (HHS).
The healthcare industry is one of the most highly-targeted sectors, and the HHS is partnering with healthcare companies to simulate attacks that could ultimately improve their cybersecurity, SC Magazine reported.
The simulation, called CyberRX, will be overseen by the Health Information Trust Alliance (HITRUST), a creator of the Common Security Framework meant to protect sensitive information. CyberRX exercises are designed to test how organizations detect and respond to security breaches, Health IT Security reported. The planned cyberattacks will hopefully expose any security weaknesses that may have otherwise been exploited by actual cybercriminals.
“We have been coordinating and collaborating with HITRUST to enhance the resources available to the healthcare industry,” said Kevin Charest, HHS chief information security officer. “Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyberattacks. This exercise will generate valuable information we can use to improve our joint preparedness.
Major healthcare organizations are expected to have their cybersecurity put to the test, including UnitedHealth Group, WellPoint and the Health Care Service Corp.
“I feel strongly that these exercises are needed as a crucial step in the healthcare industry’s continued maturity around cyber threat preparedness and response,” Roy Mellinger, vice president and chief information security officer at WellPoint, told Health IT Security. “It will allow organizations to evaluate and improve their processes and identify gaps in what is needed industry-wide and from government.”
Health organizations are vulnerable to different forms of attacks, so the simulation will involve methods commonly used by cybercriminals, including social engineering and more sophisticated cyberattacks. Criminals often use social engineering techniques that include email phishing scams in order to steal information or infect devices with malware. The test may even include medical devices themselves.
“I [am] comfortable saying that medical devices will be covered in one of the scenarios,” HITRUST CEO Daniel Nutkis told SC Magazine. “Either an exposed threat to a medical device or a specific vulnerability of a medical device” could be some of the vulnerabilities discovered in the CyberRX exercises, he added.
The HITRUST report on the results of the CyberRX exercises will be available in April and will hopefully help healthcare firms plan for cyberattacks in the future.
Image: iStock
April 11, 2023
Uncategorized
September 13, 2021
Uncategorized
August 4, 2021
Uncategorized