Health care industry to ready itself for simulated attack exercise "CyberRX"

The exercises are expected to occur in March and July.

The U.S. Department of Health and Human Services (HHS), in partnership with major health care companies, will conduct the industry's first wide-scale cyber attack exercises this spring and summer.

The Health Information Trust Alliance (HITRUST), which helped establish the Common Security Framework for protecting personal health and financial data, will lead the initiative. The “CyberRX” exercises take place over two days, with one test happening in March and another in July.

The exercise in threat preparedness is similar to a wide-scale test that U.S. financial institutions participate in each year, dubbed “Quantum Dawn.”

On Tuesday, HITRUST CEO Daniel Nutkis said in an interview that, while the specifics of the attack exercises are being kept mum prior to the events, participating organizations would likely be exposed to a variety of threats, which could range from social engineering ruses to attacks that require more technical prowess on the part of attackers.

“It will be a combination of attack types,” Nutkis said, adding later that HITRUST would be distributing information about cyber attacks that would help prepare organizations for CyberRX.

Nutkis also added that medical device security would be among the areas covered by the exercises.

“I [am] comfortable saying that medical devices will be covered in one of the scenarios,” Nutkis added. “Either an exposed threat to a medical device or a specific vulnerability of a medical device,” could be among the findings gleaned from CyberRX, he said.

In April, HITRUST plans to distribute the findings of the cyber readiness exercise, which will be used to help the industry better determine how to deliver threat information to health care organizations, and how alert and response tactics may vary according to organizational type and size.

So far, the spring group participating in the CyberRX exercise consists of UnitedHealth Group, WellPoint, Humana, Highmark, Health Care Service Corporation (HCSC), the Children's Medical Center in Dallas, CVS Caremark and Express Scripts.

The exercise will test a wide range of organizations that collaborate often to meet the needs of patients around the country, including government agencies, providers, prescription benefit managers, pharmacies, pharmaceutical managers, health plans and exchanges.

Health care organizations can register to participate at
