HITRUST piloting early cyberthreat warning system

HITRUST has built and is pilot testing the HITRUST Cyber Threat XChange (CTX), an automated service to provide early detection and faster analysis of cyberthreats that participating organizations collect and submit to CTX.

The service will "distribute actionable indicators in electronically consumable formats that organizations of almost all sizes and cybersecurity maturity can utilize to improve their cyber defenses," according to a release. HITRUST CTX will act as an advanced early warning system.

This marks the third major service launch this year for the healthcare industry stakeholder coalition that works to improve cybersecurity. The organization started offering in March free monthly healthcare cyberthreat briefings in partnership with the Department of Health & Human Services. It also pilot tested a cyber attack simulation exercise in which a third party launches real but harmless attacks on participating organizations’ information networks to assess how well they recognize and respond to the attack. That program has intensified with more than 750 healthcare organizations participating and being attacked starting at the beginning of October. Cyber Rx 2.0 also includes three levels of simulation sophisticated, depending on the participant's security readiness.

Initial pilot participants in CTX include Express Scripts, Health Care Services Corp., Highmark Health, Humana, Seattle Children’s Medical Center, UnitedHealth Group, University of Rochester Medical Center, WellPoint and secure cloud hosting vendor FireHost. HITRUST expects CTX to go live in January 2015.

CTX also will analyze the threat indicators it collects against other threat sources across multiple industries and against the U.S. Computer Emergency Readiness Team (US-CERT) and in the Department of Homeland Security. US-CERT coordinates cyber information sharing and managing of risk.