Home > 2014 > Identity Theft > Cyberattack Planned to Test Healthcare Security

Cyberattack Planned to Test Healthcare Security

Advertiser Disclosure Comments 0 Comments

The healthcare industry is gearing up for a cyberattack campaign that promises to test companies’ ability to guard against data breach threats. The campaign will be launched by an unlikely source: the U.S. Department of Health and Human Services (HHS).

The healthcare industry is one of the most highly-targeted sectors, and the HHS is partnering with healthcare companies to simulate attacks that could ultimately improve their cybersecurity, SC Magazine reported.

The simulation, called CyberRX, will be overseen by the Health Information Trust Alliance (HITRUST), a creator of the Common Security Framework meant to protect sensitive information. CyberRX exercises are designed to test how organizations detect and respond to security breaches, Health IT Security reported. The planned cyberattacks will hopefully expose any security weaknesses that may have otherwise been exploited by actual cybercriminals.

“We have been coordinating and collaborating with HITRUST to enhance the resources available to the healthcare industry,” said Kevin Charest, HHS chief information security officer. “Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyberattacks. This exercise will generate valuable information we can use to improve our joint preparedness.”

How Healthcare Industry Cybersecurity Will Be Tested

Major healthcare organizations are expected to have their cybersecurity put to the test, including UnitedHealth Group, WellPoint and the Health Care Service Corp.

“I feel strongly that these exercises are needed as a crucial step in the healthcare industry’s continued maturity around cyber threat preparedness and response,” Roy Mellinger, vice president and chief information security officer at WellPoint, told Health IT Security. “It will allow organizations to evaluate and improve their processes and identify gaps in what is needed industry-wide and from government.”

Health organizations are vulnerable to different forms of attacks, so the simulation will involve methods commonly used by cybercriminals, including social engineering and more sophisticated cyberattacks. Criminals often use social engineering techniques that include email phishing scams in order to steal information or infect devices with malware. The test may even include medical devices themselves.

“I [am] comfortable saying that medical devices will be covered in one of the scenarios,” HITRUST CEO Daniel Nutkis told SC Magazine. “Either an exposed threat to a medical device or a specific vulnerability of a medical device” could be some of the vulnerabilities discovered in the CyberRX exercises, he added.

The HITRUST report on the results of the CyberRX exercises will be available in April and will hopefully help healthcare firms plan for cyberattacks in the future.

More on Identity Theft:

Image: iStock

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Certain credit cards and other financial products mentioned in this and other articles on Credit.com News & Advice may also be offered through Credit.com product pages, and Credit.com will be compensated if our users apply for and ultimately sign up for any of these cards or products. However, this relationship does not result in any preferential editorial treatment.