The Health Information Trust Alliance offered its support for an effort by Sen. Jay Rockefeller (D-W.Va.) to raise awareness of what both call a growing cybersecurity threat.
In a three-page letter
to Rockefeller, HITrust CEO Daniel Nutkis said the organization "applauds lawmakers' and regulators' attention to this issue and is supportive of anything that protects national critical infrastructure and avoids disruptions or losses that can be caused by cyberattacks."
Thus, HITrust backs Rockefeller's call for the business community to work with government to address the issue, with the caveat that lawmakers and government officials take into account the public-private collaborations already in place, "learn from what is working, and minimize new burdensome assessments and audits that will divert resources from the real task of enhancing cyber threat detection and response capabilities."
In September, Rockefeller, who chairs the Senate Committee on Commerce, Science and Transportation, sent letters to the CEOs of hundreds of top U.S. corporations, saying he was "profoundly disappointed" that a Senate filibuster "largely due to opposition" from lobbyists and trade groups, including the U.S. Chamber of Commerce, blocked his proposed cybersecurity legislation. Rockefeller asked the business leaders to answer eight questions about their own cybersecurity practices. The letters went to numerous healthcare companies, including Walgreen Co., Johnson & Johnson, WellPoint, UnitedHealth Group, Aetna, Medtronic, Tenet Healthcare Corp. and Molina Healthcare. The HITrust letter was in response to Rockefellers' missive.
HITrust is a Frisco, Texas-based consortium of health plans, providers, pharmacy benefit managers, information technology vendors and data-miners formed in 2007 to address healthcare data-security issues
In April, HITrust announced it was forming a Cyber Security Incident Response and Coordination Center
to help educate healthcare organizations about security threats.
Also in April, the Government Accountability Office's director of information security issues, Gregory Wilshusen, said in testimony to Congress
that the number of security incidents reported by federal agencies to the government's own information security incident center has jumped by 680% in the past six years.