The U.S. Department of Health and Human Services (HHS), in partnership with major health care companies, will conduct the industry's first wide scale, cyber attack exercises this spring and summer.
The Health Information Trust Alliance (HITRUST), which helped establish the Common Security Framework for protecting personal health and financial data, will lead the initiative. The “CyberRX” exercises take place over two days, with one test happening in March and another in July.
The exercise in threat preparedness is similar to a wide scale test that U.S. financial institutions participate in each year, dubbed “Quantum Dawn.”
On Tuesday, HITRUST CEO Daniel Nutkis told SCMagazine.com in an interview that, while the specifics of the attack exercises are being kept mum prior to the events, organizations participating would likely be exposed to a range of threats – which could range from social engineering ruses to attacks that require more technical prowess on the part of attackers.
“It will be a combination of attack types,” Nutkis said, adding later that HITRUST would be distributing information about cyber attacks that would help prepare organizations for CyberRX.
Nutkis also added that medical device security would be among the areas covered by the exercises.
“I [am] comfortable saying that medical devices will be covered in one of the scenarios,” Nutkis added. “Either an exposed threat to a medical device or a specific vulnerability of a medical device,” could be among the findings gleaned from CyberRX, he said.
In April, HITRUST plans to distribute the findings of the cyber readiness exercise, which will be used to help the industry better determine how to deliver threat information to health care organizations, and how alert and response tactics may vary according to organizational type and size.
So far, the spring group participating in the CyberRX exercise consists of UnitedHealth Group, WellPoint, Humana, Highmark, Health Care Service Corporation (HCSC), the Children's Medical Center in Dallas, CVS Caremark and Express Scripts.
The exercise will test a wide range of organizations that collaborate often to meet the needs of patients around the country, including government agencies, providers, prescription benefit managers, pharmacies, pharmaceutical managers, health plans and exchanges.
Health care organizations can register to participate at www.hitrustalliance.net/c3/.