Healthcare Business News
HITRUST CEO Daniel Nutkis

HITRUST will lead series of controlled cyberattacks to test preparedness

By Joseph Conn
Posted: January 13, 2014 - 2:30 pm ET

A healthcare industry data-security consortium will lead a series of computer hacks to evaluate industry preparedness for the real thing.

A first round of these controlled attacks on about a dozen organizations volunteering to participate—including four provider organizations, health plans, pharmacies and a cloud services provider—will be conducted in March in partnership with HHS and led by HITRUST, the Frisco, Texas-based healthcare security consortium. A second round of attacks is slated this summer.

“Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyberattacks,” Kevin Charest, chief information security officer at HHS, said in a news release.

Advertisement | View Media Kit


In April 2012, HITRUST launched its Cyber Threat Intelligence and Incident Coordination Center to provide a communication and information sharing channel devoted to healthcare-related cyberthreats. The proposed attacks will measure the effectiveness of that channel, test industry coordination with HHS and document threat scenarios for future use in additional tests with other industry participants.

HITRUST CEO Daniel Nutkis said the organization will employ what he described as “ethical hackers” to launch the assaults using a benign payload.

“The intent here is to understand an organization's ability to respond to these attacks and it's also an opportunity for sharing information,” Nutkis said. “One organization's cyberevent is another organization's cyberdefense.”

Nutkis said he has not seen a spike in the number of healthcare industry cyberattacks, “but there is no question that healthcare is a ripe target. It's a 'when' issue, not an 'if' issue.”

Also, he noted, experts trawling online forums of foreign hackers have discovered “substantial amounts” of protected healthcare information that they couldn't connect to a breach. “We think there are organizations that aren't even aware that that's happening.”

Follow Joseph Conn on Twitter: @MHJConn

What do you think?

Share your opinion. Send a letter to the Editor or Post a comment below.

Post a comment

Loading Comments Loading comments...



Switch to the new Modern Healthcare Daily News app

For the best experience of on your iPad, switch to the new Modern Healthcare app — it's optimized for your device but there is no need to download.