Dive Brief:
- A group of organizations cutting across the health sector, in partnership with the federal government, have made plans to conduct simulated cyber security attacks against healthcare networks to test their vulnerability. The exercise is dubbed CyberRX.
- The tests, which will take place in March, is the first time insurers, hospitals, pharmaceutical manufacturers and HHS have run such a test in common.
- The event is being coordinated by The Health Information Trust Alliance (HITRUST), which is a medical information technology advocacy group. HITRUST already runs and incident response center that circulates cyber threat information among industry specialists; this drill in March is aimed partly at determining the efficiency of the HITRUST model.
Dive Insight:
Given how common information breaches have been in healthcare organizations of late, testing their cyber vulnerability seems like very good idea. However, most of the breaches haven't come from cyber attacks, but rather mistakes by staff and contractors or theft of devices containing protected health information. Until the procedural holes which make these run-of-the-mill breaches possible are closed, battening down for a massive cyber attack can only make a modest contribution to overall healthcare data security.