HITRUST Statement on Healthcare Industry Cyber Breach Events

HITRUST LogoHITRUST commonly gets inquiries about recent healthcare related cyber breaches, as HITRUST is the leading authority on healthcare information protection and operates the most active and sophisticated cyber threat intelligence sharing service for the healthcare industry, HITRUST Cyber Threat XChange (CTX). As a federally recognized Information Sharing and Analysis Organization (ISAO), we are in constant engagement with industry, law enforcement and government cyber threat intelligence sources to ensure HITRUST CTX participants have the latest indicators of compromise (IOCs). HITRUST CTX intelligence, functionality, SIEM integration and the ability to anonymously share IOCs are some of the reasons it has emerged as the industry resource for healthcare organizations to share IOCs before and during breach events, and as such CTX often has threat-related indicators on these breaches before they are publicly reported.

Unfortunately, due to the current cyber threat environment, we expect these breaches to continue to occur. HITRUST encourages organizations of all types and sizes to ensure they are implementing and adopting these four key activities:

  1. Leverage the HITRUST Cyber Threat XChange: The CTX basic subscription is free of charge and includes SIEM integration, which feeds threat intelligence information directly into an organization’s SIEM systems and allows automatic and instantaneous response.
  2. Adopt a Strong Controls Framework: The framework should embody the elements of the NIST Cybersecurity framework. The HITRUST CSF framework incorporates the NIST Cybersecurity Framework and provides industry-specific implementation controls and guidance. Guidance for leveraging the HITRUST CSF to implement the NIST Cybersecurity Framework is available on the NIST website.
  3. Participate in Cyber Preparedness and Response Exercises: The nation-wide HITRUST CyberRX 2.0 exercises and educational town halls are an invaluable resource for organizations to leverage for cyber preparedness and response exercises.
  4. Understand the Threats in Your Environment: Leverage a deep discovery tool or other analysis service to better determine if cyber threats are present or evidence of a prior breach is evident. HITRUST is currently accepting participants for the Cyber Discovery Study, which provides organizations with deep discovery hardware and software for the length of the study free of charge.

All of these activities are key to an overall cyber security program and available free of charge from HITRUST.

We will issue cyber news alerts in situations where we feel specific action is necessary, otherwise organizations should leverage the tools outlined as part of their preparedness and response program. Since 2007, HITRUST has led the industry and endeavors to elevate the level of information protection by ensuring greater collaboration between the healthcare industry and government.