In a three-month review of cyber risk management practices in healthcare, the Health Information Trust Alliance (HITRUST) has found that the industry's approach is reactive, inefficient and labor intensive.
HITRUST says one of the key concerns revealed by the review is that organizations are not aware of the threats they face, according to an announcement.
The providers "acknowledged they had minimal understanding as to the impact of cyberthreats on their current cybersecurity products," the review says. In addition, because of that lack of awareness, health entities put a lot of emphasis on indicators of compromise (IOCs) to uncover breaches, which is a "retrospective" approach that "introduces inefficiencies," HITRUST says.
Organizations also need to improve communication about how effective their security measures are, especially with senior management, according to the review.
In reaction to the findings, HITRUST is rolling out a new component to its cyber risk strategy--HITRUST CyberVision--a "real-time situational awareness and threat assessment tool tailored to the healthcare industry." It plans to have the service available by March 9.
The push to get the healthcare industry to be more proactive when it comes to security and privacy is nothing new. Professionals in the industry remain too reactive and compliance-focused, Mark Ford, principal of Deloitte Cyber Risk Services, said in November. "There's a pretty significant gap between where they are today and where they ultimately need to be," he said.
HITRUST's new service is in addition to ones previously offered, including the Cyber Threat XChange, which was created to speed up detection and response to threats targeted at the healthcare industry. Last spring the organization teamed up with the U.S. Department of Health & Human Services to conduct monthly threat briefings.