Dive Brief:
- The HITRUST Alliance has developed a "Threat Catalogue" to help healthcare organizations identify and rate the seriousness of cyber threats and prioritize responses accordingly.
- The catalogue, which will be available in March, draws from risk factors and controls of HITRUST’s Common Framework to increase visibility around threats posing the greatest HIPAA risks, the company said.
- It can also help to facilitate supplemental risk analyses and more targeted risk analyses.
Dive Insight:
A new report by research firm Forrester warns that cyberattacks as damaging as Anthem's massive 2015 data breach, which affected upwards of 80 million clients, will become commonplace in 2017, Healthcare IT News reports. Consolidation among provider organizations leads to security fragmentation and varying levels of security, the report explains.
Initial efforts with the Threat Catalogue will focus on four main tasks:
- Identifying and leveraging a threat taxonomy for common threats to electronic personal health information;
- Enumerating all reasonably anticipated threats to ePHI for a an organization;
- Mapping HITRUST CSF control requirements to identified threats; and
- Identifying additional information to enhance future versions of the Threat Catalogue.
“Most organizations do not possess the skill sets necessary to truly identify ever changing cybersecurity threats and associate these threats with the operational impact, tactical response and strategic planning required,” said Anthem CISO Roy Mellinger, a governing chair of the HITRUST Working Group.