Attack exercise reveals threat-sharing roadblock within health orgs

Organizations expressed concerns about communicating threat information to team members outside IT.

Health care participants in an industry-wide attack exercise expressed concerns about effectively communicating threat intelligence within their organizations.

On Monday, the results of the “CyberRX” exercises were released by the Health Information Trust Alliance (HITRUST), a group that teamed up with the U.S. Department of Health and Human Services (HHS) to carry out the preparedness initiative.

The inaugural exercise, held on April 1, was observed by Booz Allen Hamilton, and included participants such as UnitedHealth Group, WellPoint, Humana, Highmark, Health Care Service Corporation (HCSC), the Children's Medical Center in Dallas, CVS Caremark and Express Scripts.

For the one-day event, organizations had to respond to randomly selected cyber incident scenarios: one in which a major username and password breach impacts patients, doctors and nurses throughout the health care industry; another in which three major health plan providers' networks are infiltrated, giving intruders full access to customer data; or two other events, involving an information leak and a potential insider threat case.

In the attack exercises, many organizations that had programs mature enough to process and identify potential threats still struggled to deliver threat information to internal staff outside IT, the findings revealed. Sharing necessary information with legal or privacy teams, crisis management, business operations, or other stakeholders in management positions, for instance, turned out to be a roadblock for health care organizations.

In response to the simulated attacks, participants suggested that more formalized procedures be created, so that responsibilities and effective communication of threat information are clearly laid out among staff. In the report, participating organizations also called for the enhancement of HITRUST's Cyber Threat Intelligence and Incident Coordination Center (C3) to facilitate industry collaboration and response to threats.

On Monday, Roy Mellinger, WellPoint's vice president and CISO, said in a teleconference on the CyberRX findings that the “weakness isn't necessarily on technology implementations, it's the ability to coordinate and collaborate across the myriad of participants in healthcare.”

Mellinger later added that coordinating intelligence sharing was a critical task for companies of every size, but particularly for smaller health care organizations.

“Large corporations like WellPoint have mature systems and seasoned staff. Smaller organizations do not. The challenge is [in] how to coordinate and collaborate across them all. HITRUST C3 allows multiple entities to get the information they need to prepare and respond, regardless of size,” he said.
