New guidance has been released to help healthcare organizations assess the state of their cyber security preparedness. The guidelines have been prepared by the Health Information Trust Alliance (HITRUST) in response to heightened awareness and concerns about cyber threats, attacks and incidents.
“As predicted, HITRUST has seen a marked increase in the frequency and sophistication of cyber attacks targeted at healthcare organizations,” said Daniel Nutkis, chief executive officer, HITRUST.
“What is raising concerns is the amount of personal health information misappropriated from health plans and providers that is for sale on the various hacker forums. As the sophistication and intensity of cyber attacks increases, HITRUST believes it is more critical than ever that healthcare organizations have the appropriate safeguards in place and a means by which to review their current level of preparedness.”
The new HITRUST guidance identifies an appropriate subset of controls within the HITRUST Common Security Framework (CSF) that are most directly related to detecting and thwarting cyber-related breaches and allows organizations to assess against the cyber-specific controls and receive a snapshot of their cyber capabilities and readiness.
“HITRUST remains committed to providing organizations with the resources and tools with which they can establish a comprehensive approach to risk management, encompassing not only compliance-related functions, but expanding to other areas of risk such as cybersecurity," said Dr Bryan Cline, vice president, CSF development and implementation, HITRUST.
“It is important for the healthcare industry that overall risk management and safety are not compromised in the sole pursuit of complying with regulations and standards.”
Health Information Trust Alliance (HITRUST), healthcare organizations, Common Security Framework (CSF)