Digital healthHealthcare industry to conduct cyberattack drill in March

Published 17 January 2014

The American health care industry, in partnership with the federal government, will in March conduct simulated cyberattacks targeting industry networks and resources in an effort to test the industry’s vulnerability to cyberattacks. This will be the first time insurers, hospitals, pharmaceutical manufacturers, and HHS will run coordinated drills. Healthcare is one of seventeen critical infrastructure sectors which, if attacked, could have damaging consequences for the country.

The American health care industry, in partnership with the federal government, will in March conduct simulated cyberattacks targeting industry networks and resources in an effort to test the industry’s vulnerability to cyberattacks.

Nextgov reports that this will be the first time insurers, hospitals, pharmaceutical manufacturers, and the Department of Health and Human Services (HHS) will run coordinated drills. Healthcare is one of seventeen critical infrastructure sectors which, if attacked, could have damaging consequences for the country.

 

HHS Chief Information Security Officer Kevin Charest said in a statement, “Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyberattacks. This exercise will generate valuable information we can use to improve our joint preparedness.”

The event will be coordinated by the Health Information Trust Alliance, a medical information technology advocacy group.

A 2012 Ponemon Institute study revealed that 94 percent of health care organizations experienced at least one form of cyberattack during the previous two years. The simulated cyberattacks planned for March, titled CyberRX, will help participants identify weak points within their digital infrastructure.

NextGovnotes that HITRUST has established an incident response center that shares intelligence on threats among industry members, including HHS and officials at the Department of Homeland Security(DHS). The exercise in March will determine the efficiency of the response center model.

“As cyber threats continue to increase and the number of attacks targeted at healthcare organizations rise, industry organizations are seeking useful and actionable information with guidance that augments their existing information security programs without duplication or complication,” HITRUST Chief Executive Officer Daniel Nutkis said in a statement. “CyberRX will undoubtedly provide invaluable information that can be used by organizations to refine their information protection programs.”

Other industries have conducted coordinated attacks to measure the strength of their digital infrastructure. In November 2013, 10,000 electrical engineers, cybersecurity specialists, utility executives, and FBI agents in California spent two days testing their cyber vulnerabilities. The financial sector also ran its second simulated test, Quantum Dawn 2, in October 2013. The six-hour exercise included more than 500 people and more than fifty organizations.

Participants in the March exercise include Children’s Medical Center Dallas, CVS Caremark and Express Scripts, as well as several insurance providers such as Health Care Service Corp., Humana, UnitedHealth Group, and WellPoint. It is uncertain whether HealthCare.gov, the federal online health insurance exchange, will participate. A second exercise is planned for this summer.