News Feature | April 21, 2015

HITRUST Looking For Cybersecurity Study Participants

Christine Kern

By Christine Kern, contributing writer

HITRUST Forms Cybersecurity Group

The study aims to collect and analyze methods, magnitude, and pervasiveness of cyber threats.

HITRUST announced it is conducting the first empirical and comprehensive study to analyze the methods, severity, and pervasiveness targeting healthcare. Called HITRUST Cyber Discovery, the 90-day study “will enable a better understanding of the actual magnitude, complexity, relations of cyberattacks, commonalities of target organizations and data, and degree of cyber threats persisting within organizations. The goal is to accurately identify attack patterns and persistence, as well as the magnitude and sophistication of specific threats across enterprises.”

To this end, HITRUST is looking for approximately 210 healthcare organizations to take part in the study. The scope of the research study will include detection of advanced persistent threat and perpetrators, analysis and forensics of malware and other cyber threats, and attacks against specific data, organizations, and industry segments.

“The level of speculation around attacks, targets, and persistent threats has reached an all-time high,” explained Daniel Nutkis, CEO of HITRUST. “To combat this growing concern, we need more facts to better dissect threats and develop a corresponding strategy to address the. This research will provide valuable data to those charged with keeping healthcare information secure.”

Because of its highly personal nature, healthcare data is particularly valuable to hackers.  “Cyber security challenges in the healthcare industry are far broader, with more serious implications than those faced by typical US enterprises,” explained Tom Kellerman, chief cybersecurity officer, Trend Micro. “With high-value data, multiple access points, and difficulties managing security updates, criminals consider healthcare an easy and lucrative target. We applaud HITRUST for driving this initiative, and are pleased to help identify and eradicate targeted attacks as much as possible.”

Security expert Mac McMillan, CEO of security consulting firm CynergisTek, told Information Security Media Group, “A study such as this based on empirical data can paint a relevant picture with respect to the risk that healthcare entities face, and therefore, would be very valuable if done correctly.”

Experts are predicting cyber-attacks against healthcare will be on the rise in 2015 and estimate the cost of healthcare data breaches could hit $5.6 billion this year. As Health IT Outcomes reports, it’s not hard to figure out why. Experts say hackers can profit more from medical data than credit card information – just another indication that protecting health data is more important than ever. Additionally, healthcare data breaches can actually be more dangerous than financial breaches as Health IT Outcomes notes.

HHS data reveals 1 of 10 Americans  – more than 37 million people – have been affected by a healthcare breach since 2009. Participation in the study is free, and interested organizations should contact HITRUST before May 10, 2015. More information is available here.