Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Data Protection

HITRUST Announces Threat Briefings, Cyber Alerts for Healthcare Industry

The Health Information Trust Alliance (HITRUST) announced on Thursday that it will conduct monthly cyber threat briefings in partnership with the U.S. Department of Health and Human Services, and will warn organizations when HITRUST’s Cyber Threat Intelligence and Incident Coordination Center (C3) identifies high probability and impact cyber threats targeted at the healthcare industry.

The Health Information Trust Alliance (HITRUST) announced on Thursday that it will conduct monthly cyber threat briefings in partnership with the U.S. Department of Health and Human Services, and will warn organizations when HITRUST’s Cyber Threat Intelligence and Incident Coordination Center (C3) identifies high probability and impact cyber threats targeted at the healthcare industry.


The new efforts are designed to help organizations better understand current and probable cyber threats relevant to organizations in the healthcare industry and share best practices for cyber defense and incident response.

The new cyber alerting system, C3 Alert, is being coordinated with the Healthcare and Public Health Sector and Government Coordinating Councils.

“Government and industry cooperation and coordination are key to effectively and efficiently preparing the industry for cyber attacks,” said Dr. Earl Motzer, Co-Chair of the Healthcare Sector Coordinating Council established under the National Infrastructure Protection Plan (NIPP). “Availability of this information is a positive step in the industry’s cyber threat preparedness.”

The number of cyber attacks targeted at healthcare industry organizations of all types and sizes continue to increase, while research indicates that most healthcare organizations are not adequately addressing cyber threat preparedness and response.

According to a recent survey from the SANS Institute, a staggering 94 percent of all healthcare organizations said they have been victims of data breaches at some point. In its “Health Care Cyberthreat Report,” released Feb. 21, SANS said that despite the high number, organizations that have been breached but haven’t disclosed the incidents, or haven’t discovered it yet, aren’t included in the tally.

An analysis of HITRUST Common Security Framework (CSF) assessments performed over the last year indicates progress has been made in every information security control area across various segments and organizational sizes, although the most progress with regard to cyber security appears to be in larger organizations with annual revenues over $6 billion, the organization said.

Advertisement. Scroll to continue reading.

“Collaboration is crucial to reducing cyber threats for the entire healthcare industry, including the government,” said Kevin Charest, Chief Information Security Officer, U.S. Department of Health and Human Services. “These briefings and alerts allow us to better disseminate valuable and critical information to healthcare organizations more effectively so they can better prepare and respond to cyber threats and events.”

“Even with our size and level of our information security program’s maturity, I recognize that participating in a functional information sharing and analysis organization, like HITRUST C3, is key to ensuring we have access to the latest and most accurate threat intelligence,” said Roy Mellinger, Vice President and Chief Information Security Officer, WellPoint, Inc. “I also recognize that we need to make sure every organization in healthcare has access to cyber threat alerts, analysis and best practice information to better protect the entire healthcare industry.”

The health industry’s monthly threat briefings will be free of charge, leveraging the resources and content created by the HITRUST C3 and U.S. Department of Health and Human Services Computer Security Incident Response Center (HHS-CSIRC). The briefings are intended to support healthcare organizations of all sizes as well as cyber-security maturity levels.

Helld online, the briefings will begin in April 2014, HITRUST said, and will last 60 – 75 minutes. In addition, the material presented will be made available to those registered.

The C3 Alerts, free of charge, will be issued anytime HITRUST C3 identifies a present and immediate cyber threat relevant to a large number of healthcare organizations, medical devices or systems, HITRUST said.

“Having access to alerts, threat intelligence and lessons learned that are relevant to our organization is important, as it helps ensure that we will maximize our efforts in addressing cyber threats. Information protection is a priority for our organization, but we need to be as efficient as possible in doing so,” explained Aaron Miri, Chief Technology Officer, Children’s Medical Center of Dallas. “The sharing of threat intelligence and best practices will aid the industry and help raise the maturity level of the entire industry by allowing all organizations, small and large, to have access to vital cyber threat and best practices through the industry’s information sharing and analysis organization, HITRUST C3.”

In February 2013, HITRUST established a new working group to focus on developing an information sharing framework to address cyber-security incidents in the healthcare sector.

Most recently, HITRUST announced plans for the CyberRX, a series of cyber attack simulations designed to help healthcare organizations prepare for emerging cyber threats and develop a better understanding of the industry’s cyber threat response readiness.

Additional information and registration for the C3 Monthly Briefing and C3 Alerts is available online.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.