What's being billed as the healthcare industry's first cyberattack simulation found that communication across a wide range of healthcare organizations, and presumably with patients, is a weak link, said Roy Mellinger, vice president of IT security and chief information security officer for WellPoint, a participant in the exercise, dubbed CyberRx. The simulation took place April 1 with results revealed Monday.
“I think where we are the weakest is not necessarily on technical implementation,” Mellinger said during a press conference in conjunction with the release of a report on the findings of the test. “It's the ability to coordinate,” he said, across healthcare entities, from small practices, to device makers, hospital systems and payers.
“The growing adoption of new and connected health information technologies and widespread use of mobile devices continue to increase the industry's exposure to potential attacks,” said CyberRX observer Jim Koenig, Principal, Global Leader, Commercial Privacy, Cybersecurity and Incident Response for Health, Booz Allen Hamilton, in a release.
The security stress test was organized by HITrust, a health data security consortium, in collaboration with HHS. The attack scenarios were directed at medical devices, health information systems, health information exchanges and HealthCare.gov, HHS's health insurance website. In addition to WellPoint and HHS, participants were Athenahealth, Children's Medical Center of Dallas, Cooper Health, CVS Caremark, Express Scripts, Health Care Services Corp, Highmark, Humana and United Health Group.
Preparedness varied, not only on IT issues but also in an organization's ability to process threat intelligence and to gauge its impact on business and clinical operations and on external business partners.
Follow Joseph Conn on Twitter: @MHJConn