The healthcare industry is gearing up for a cyberattack campaign that promises to test companies’ ability to guard against data breach threats. The campaign will be launched by an unlikely source: the U.S. Department of Health and Human Services (HHS).
The healthcare industry is one of the most highly-targeted sectors, and the HHS is partnering with healthcare companies to simulate attacks that could ultimately improve their cybersecurity, SC Magazine reported.
The simulation, called CyberRX, will be overseen by the Health Information Trust Alliance (HITRUST), a creator of the Common Security Framework meant to protect sensitive information. CyberRX exercises are designed to test how organizations detect and respond to security breaches, Health IT Security reported. The planned cyberattacks will hopefully expose any security weaknesses that may have otherwise been exploited by actual cybercriminals.
“We have been coordinating and collaborating with HITRUST to enhance the resources available to the healthcare industry,” said Kevin Charest, HHS chief information security officer. “Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyberattacks. This exercise will generate valuable information we can use to improve our joint preparedness.”
How Healthcare Industry Cybersecurity Will Be Tested
Major healthcare organizations are expected to have their cybersecurity put to the test, including UnitedHealth Group, WellPoint and the Health Care Service Corp.
“I feel strongly that these exercises are needed as a crucial step in the healthcare industry’s continued maturity around cyber threat preparedness and response,” Roy Mellinger, vice president and chief information security officer at WellPoint, told Health IT Security. “It will allow organizations to evaluate and improve their processes and identify gaps in what is needed industry-wide and from government.”
Health organizations are vulnerable to different forms of attacks, so the simulation will involve methods commonly used by cybercriminals, including social engineering and more sophisticated cyberattacks. Criminals often use social engineering techniques that include email phishing scams in order to steal information or infect devices with malware. The test may even include medical devices themselves.
“I [am] comfortable saying that medical devices will be covered in one of the scenarios,” HITRUST CEO Daniel Nutkis told SC Magazine. “Either an exposed threat to a medical device or a specific vulnerability of a medical device” could be some of the vulnerabilities discovered in the CyberRX exercises, he added.
The HITRUST report on the results of the CyberRX exercises will be available in April and will hopefully help healthcare firms plan for cyberattacks in the future.
More on Identity Theft:
- Identity Theft: What You Need to Know
- How Do I Dispute an Error on My Credit Report?
- 3 Dumb Things You Can Do With Email
- The Risks You Face From Identity Theft
- How Can You Tell If Your Identity Has Been Stolen?
- What Should I Do If I’m a Victim of Identity Theft?
- How Credit Impacts Your Day-to-Day Life