The Health Information Trust Alliance has launched a service that enables an exchange of intelligence on cyber-threats facing the health care industry.
The Health Information Trust Alliance (HITRUST
), a group of health care
business technology and information security leaders, has launched the Cyber Threat
Analysis Service (C-TAS) to provide intelligence on computer network threats
facing the health care industry.
HITRUST aims to protect electronic health records (EHRs) and
medical devices from suspicious online activity by promoting collaboration
among IT leaders, government officials and health care providers. It also offers
education about risk-management practices to health care providers.
"Health care security professionals will receive
written updates that describe the motivation, intent and capability of the
adversary responsible for a cyber-threat," Daniel Nutkis, CEO of HITRUST,
in an email. "This provides context needed to assess the
likelihood of an impact to their own organization."
For C-TAS, HITRUST is partnering with iSight Partners, a
firm that offers global cyber-intelligence to federal, state and local
"Cyber-threats targeting the health care sector are
very unique, and it's important to craft sector-specific threat intelligence
capabilities and products," John Watters, CEO of iSight, said in a
The service consists of a platform that offers vulnerability
reporting and research on best practices for security officers and
HITRUST will share information about threats without "attribution,"
or mentioning the organization that detected the threat, according to Nutkis.
"When a health care organization finds a threat in
their enterprise, they will share that threat information with HITRUST, and
HITRUST will send an update to all organizations but will not mention the
original organization that initially detected the threat," he said.
Launched on July 24, C-TAS is part of the Cybersecurity
Incident Response and Coordination Center, which HITRUST established on April
24 to provide early detection, remediation and threat alerts to the health care
Health care organizations generally are unable to afford
their own threat centers, according to HITRUST. But they need a high level of
protection because their IT systems store personal health information and
consumer data as well as intellectual property and trade secrets, HITRUST
The Departments of Health and Human Services, Veteran
Affairs and Homeland Security (DHS) participate in HITRUST. On May 4, DHS
issued a report on how medical
devices that connect to IT networks may pose a threat to security
Health IT company McKesson and insurer WellPoint are also
involved in HITRUST, along with other participants from pharmaceutical distributors
"The level of collaboration we are experiencing across
the health care industry and with government agencies, EHR vendors and medical
device manufacturers is unprecedented and reflects the importance to the
industry," said Nutkis.
Data breaches in health care have increased by more than 30
percent from 2010 to 2011, according to the Ponemon Institute's December 2011
Second Annual Benchmark Study on Patient Privacy & Data Security. A data
breach brings an average economic impact of $2.2 million, Ponemon reported.
"The HITRUST C-TAS is a major step forward in the
availability of tools and knowledge for organizations to prepare and respond to
cyber-incidents, and to better protect this critical industry," said
develops, managing security threats need to improve as well,
according to Michael Wilson, vice president and chief information security officer
The HITRUST service is a "crucial" tool that will make health
care data more "targeted, readily accessible and meaningful," Roy
Mellinger, vice president and chief information security officer, WellPoint,
said in a statement.
C-TAS packages include tech support as well as reports on incidents
and threats such as malware. The reports will be geared toward specific
roles such as security operations, investigations and management, said Nutkis.
Health care organizations will be able to use a Web-based
system to notify HITRUST of suspicious code or other indicators, he said.