Healthcare organizations lack tools for cyber risk assessment


Although organizations are increasingly utilizing threat indicators and other threat intelligence, they are doing so without understanding the relevance to their organization. In addition, most organizations are still unable to understand the effectiveness of deployed information security products, especially in relation to emerging cyber threats.

These are key findings of the Health Information Trust Alliance’s (HITRUST’s) has three-month review of its approach to cyber risk management for the healthcare industry. The effort was focused on understanding the challenges of healthcare organizations across varying levels of information protection maturity.

The review concluded that, to enable a better understanding of the emerging threat landscape and the impact on organizational-specific cyber security defenses, a new approach needs to be deployed and new tools developed. This fundamental shift requires a more proactive model where organizations have real-time situational awareness or insights into emerging cyber threats.

In response to the report’s findings, HITRUST has announced a new component of its cyber risk strategy. HITRUST CyberVision is the first real-time situational awareness and threat assessment tool tailored to the healthcare industry.

“Although we have made good progress in maturing our cyber risk management approach for industry, with significant improvements in information sharing, the real opportunity is to understand the emerging threats and model them against organization-specific defenses, configurations and applications,” said Daniel Nutkis, chief executive officer, HITRUST. “HITRUST CyberVision will also allow us to better engage with the vendor community to improve product effectiveness.”

Risk Management, IT and Data Security, HITRUST, Daniel Nutkis, US