Cyberattack Planned to Test Healthcare Security

The healthcare industry is gearing up for a cyberattack campaign that promises to test companies’ ability to guard against data breach threats. The campaign will be launched by an unlikely source: the U.S. Department of Health and Human Services (HHS).

The healthcare industry is one of the most highly-targeted sectors, and the HHS is partnering with healthcare companies to simulate attacks that could ultimately improve their cybersecurity, SC Magazine reported.

The simulation, called CyberRX, will be overseen by the Health Information Trust Alliance (HITRUST), a creator of the Common Security Framework meant to protect sensitive information. CyberRX exercises are designed to test how organizations detect and respond to security breaches, Health IT Security reported. The planned cyberattacks will hopefully expose any security weaknesses that may have otherwise been exploited by actual cybercriminals.

“We have been coordinating and collaborating with HITRUST to enhance the resources available to the healthcare industry,” said Kevin Charest, HHS chief information security officer. “Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyberattacks. This exercise will generate valuable information we can use to improve our joint preparedness.

How Healthcare Industry Cybersecurity Will Be Tested

Major healthcare organizations are expected to have their cybersecurity put to the test, including UnitedHealth Group, WellPoint and the Health Care Service Corp.

Get everything you need to master your credit today.
Get started for free

“I feel strongly that these exercises are needed as a crucial step in the healthcare industry’s continued maturity around cyber threat preparedness and response,” Roy Mellinger, vice president and chief information security officer at WellPoint, told Health IT Security. “It will allow organizations to evaluate and improve their processes and identify gaps in what is needed industry-wide and from government.”

Health organizations are vulnerable to different forms of attacks, so the simulation will involve methods commonly used by cybercriminals, including social engineering and more sophisticated cyberattacks. Criminals often use social engineering techniques that include email phishing scams in order to steal information or infect devices with malware. The test may even include medical devices themselves.

“I [am] comfortable saying that medical devices will be covered in one of the scenarios,” HITRUST CEO Daniel Nutkis told SC Magazine. “Either an exposed threat to a medical device or a specific vulnerability of a medical device” could be some of the vulnerabilities discovered in the CyberRX exercises, he added.

The HITRUST report on the results of the CyberRX exercises will be available in April and will hopefully help healthcare firms plan for cyberattacks in the future.

More on Identity Theft:

Image: iStock

You Might Also Like

A father and son smile at each other
Becoming an authorized user is a common tip for individuals tryin... Read More

September 13, 2021

Uncategorized

A woman shakes the hand of the man who interviewed her.
Long-term unemployment can really hurt—and not just financially... Read More

August 4, 2021

Uncategorized

A stock market graph, similar to the trajectory of GameStop stock, is displayed on a tablet. A blank piece of paper and a pen are next to the tablet, and all sit on a wooden tabletop.
GameStop, a dying video game retailer, has blown past epic propor... Read More

January 28, 2021

Uncategorized