How ready would the federal government and health sector be if faced with a cyber attack? They're set to find out in March, when simulated attacks against healthcare networks--dubbed CyberRX--will test their vulnerability to hackers, Nextgov reports.
"Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyberattacks," U.S. Department of Health & Human Services Chief Information Security Officer Kevin Charest said in a statement from the Health Information Trust Alliance (HITRUST), which will coordinate the event. "This exercise will generate valuable information we can use to improve our joint preparedness."
This will be the first time insurers, hospitals, pharmaceutical managers and HHS will run a simulation together, mainly because if the healthcare industry was the victim of a large-scale cyber attack, the consequences would be dire. According to Nextgov, it's unclear whether the event will test the much-maligned HealthCare.gov.
An official with the U.S. Department of Homeland Security's Office of Cybersecurity and Communications revealed at a House committee hearing in November that DHS was aware of roughly 16 reports of cybersecurity threats to HealthCare.gov from HHS.
A few months before that, Senate Republicans, led by Utah's Orrin Hatch, asked the Government Accountability Office to review security and privacy features of the data services hub connecting state health insurance exchanges with federal agencies. In June, 16 Republican lawmakers also raised concerns about the hub in a letter sent to HHS Secretary Kathleen Sebelius.
"As cyber threats continue to increase and the number of attacks targeted at healthcare organizations rise, industry organizations are seeking useful and actionable information with guidance that augments their existing information security programs without duplication or complication," HITRUST Chief Executive Officer Daniel Nutkis said in the statement. "CyberRX will undoubtedly provide invaluable information that can be used by organizations to refine their information protection programs."
Last spring, HITRUST issued guidance to help healthcare organizations set priorities for cybersecurity preparedness. The guidance pointed to a subset of controls within the HITRUST Common Security Framework (CSF) to help organizations assess their cyber capabilities and readiness.
Researchers publishing in the journal Telemedicine and e-Health in December 2012 concluded that a lack of spending on healthcare data security and an increased emphasis on digital activity were primary reasons why the U.S. healthcare industry was at risk as a cyberterrorism target.