Cyberattack Drill Exposes Healthcare Industry's Vulnerabilities
"Unlike financial services, where you're just dealing with primarily banking and loan information, we're dealing with small providers, small doctors' offices and clinics, and diagnostic centers. And we're dealing with medical devices and manufacturers," Mellinger says. "We're dealing with hospital systems. We're dealing with the payer industry. So how do you coordinate intelligence information and expertise across those varying types of entities?"
Not surprisingly, the exercise also pointed out that the ability of similar organizations to respond to a cyberthreat varies based on the maturity and experience of each organization's IT systems and leadership teams.
Early Warning System Needed
Jim Koenig, principal global leader, commercial privacy, cybersecurity and incident response for Booz Allen Hamilton, says "all of the new players present increase opportunities for risk, and systems that haven't become necessarily stable, and all of that happening at once creates a new set of risk profiles." Koenig acted as observer for the CyberRX exercises on behalf of the exercise's organizers, HHS and the Health Information Trust Alliance (HITRUST).
Rapid changes in healthcare technology are all the more reason for an early warning system, because a number of organizations may be subject to the same potential threat and the same potential players, or, a vendor, who may be vulnerable within the chain, Koenig says.
- CVS Ramps Up Retail Clinics with Provider Affiliations
- 4 Tectonic Shifts Shaking Up Healthcare
- Drug Pricing 'Tantamount to Greed,' Lawmaker Says
- Contradictory Obamacare Rulings Issued by Appellate Courts
- Study Puts Spotlight on Preventing Fall-Related Injuries
- Wanted: Nurse PhDs
- As HIPAA Breaches Accelerate, Tools Lag
- Roundtable: Life After a Healthcare Organization Acquisition
- The Infection-Busting Treatment Payers Don’t Want to Talk About
- Medical Errors Third Leading Cause of Death, Senators Told