Study to Probe Healthcare Cyber-Attacks | Healthcare and Technology news | Scoop.it

In the wake of the recent hacker attacks on Anthem Inc. and Premera Blue Cross that compromised personal data on millions of individuals, the Health Information Trust Alliance is attempting to launch a study to get a better understanding of the severity and pervasiveness of cyber-attacks in the healthcare sector, as well as the attackers' methods.


HITRUST, best known for its Common Security Framework hopes to recruit hundreds of participants for its "Cyber Discovery" study. Organizations that join the study will monitor for signs of attacks for a 90-day period using data gathered with Trend Micro's threat discovery technology, which works with security information and event management systems. "It's like a big sandbox that works in a passive mode and collects everything and tries to analyze everything that comes into the sandbox," Dan Nutkis, HITRUST CEO, tells Information Security Media Group.


Participants can use the data that's collected and analyzed by the technology for their own cyber-intelligence activities. For the study, the participating organizations will provide anonymized data regularly to HITRUST for analytical purposes. "We don't have the name of the organization, just the type of organization," Nutkis says.

Security expert Mac McMillan, CEO of security consulting firm CynergisTek, says that as long as HITRUST can guarantee the data collected from healthcare organizations is anonymized, the alliance might be able to attract participants. And if there are enough participants, "a study such as this based on empirical data can paint a relevant picture with respect to the risk that healthcare entities face, and therefore, would be very valuable if done correctly," adds McMillan, chair of the HIMSS Privacy & Security Policy Task Force.

HITRUST hopes to have the necessary software and hardware installed at all the participating organizations by the end of May, Nutkis says. It will publish an initial report of findings and recommendations approximately four months from the launch of the project.

Digging In

The organization is seeking about 210 voluntary participants from the healthcare sector, including insurers, hospitals, accountable care organizations and clinics. Each will participate for 90 days or longer, Nutkis says. Participants do not have to be members of HITRUST to qualify.


Each participating healthcare organization will get free use the Trend Micro technology during the study. Trend Micro will install the appliance and train organizations how to use it and how to conduct the forensics analysis, Nutkis says.


"The goal is to understand the threat actors, the methods and their targets," he says. Among the questions to be addressed, he says, are: "Are these actors targeting health plans or are they targeting specific types of equipment or types of data? Are they after PHI or PII? What's the level of persistence? What's the duration of them trying to get in? Do they keep coming back?"


The study aims to accurately identify attack patterns as well as the magnitude and sophistication of specific threats across enterprises, he says.

Recent Attacks

When it comes to the recent attacks on Anthem and Premera, and their significance to the healthcare sector, "there's a lot speculation and conjecture about what's going on," he says. "There was a great level of concern after the Community Health System attack" last year, in which hackers compromised data of about 4.5 million individuals. Because they were reported about six weeks apart, the Anthem and Premera breaches raised concerns about whether they were related, he says. While those breach investigations are still ongoing, the healthcare sector is trying to understand who's being targeted, how and for what data, he explains.


Nutkis says HITRUST will consider whether to repeat the study annually to track emerging trends.


McMillan, the consultant, says the value of the study to the healthcare sector will ultimately depend on what is examined. "For instance, will it address social engineering or things like phishing? Phishing is a huge issue for healthcare right now and is believed to have had a role in the many of the high-profile breaches of last year."