E-News Exclusive

HITRUST to Launch Cybersecurity Solution

By Ed Cabrera

In an effort to curb cybersecurity breaches in the health care industry, the Health Information Trust Alliance (HITRUST) has implemented a new security solution, CyberAid, with the assistance of a globally recognized cybersecurity company.

Smaller health care organizations with limited technical and financial resources might find cybersecurity a daunting challenge. CyberAid is an initiative specifically designed to help health care practices comprising fewer than 75 employees protect themselves from ransomware, data breaches, and other malicious threats. Originally launched with pediatric provider Children’s Health, CyberAid provides a much-anticipated solution to the security needs of smaller health care providers seeking an easy-to-use, affordable, and effective security program.

Cybersecurity Breaches in Health Care
The massive amounts of patient information collected by health care providers makes them a prime target for cyberattacks. Companies such as Anthem, Premera, and Banner Health have already experienced significant breaches, which led to the release of the private, personal identifiable information, including names, birth dates, and Social Security numbers, of tens of millions of subscribers. The public dissemination of this type of sensitive, personal information not only takes a toll on the patients whose information is leaked but also threatens the reputation of the health care providers who are charged with protecting it.

Until recently, cybersecurity concerns in health care—and the solutions to combat these concerns—have primarily focused on larger health care providers that consistently store a great deal of sensitive patient information. However, as a result of recent security breaches, most health care giants have greatly augmented their cybersecurity standards and fortified protection while smaller providers still lack the access and means for an effective security platform, making them next in line for cyber theft.

An Effective, Affordable Solution
Recognizing the vulnerability of smaller health care organizations and the fact that most are ill-equipped to handle the selection, acquisition, implementation, and operation of the security tools and processes needed to effectively mitigate security risks, HITRUST developed CyberAid. Designed specifically to deal with the challenges faced by smaller providers, including manpower and finances, CyberAid evaluates and identifies cybersecurity solutions and corresponding processes that can be easily and effectively implemented, managed, and operated while offering the necessary features to both combat security risks and meet compliance guidelines.

To achieve the ease of use, affordability, and effectiveness necessary for smaller organizations, CyberAid teamed up with a globally recognized cybersecurity vendor with expertise throughout the health care industry. CyberAid’s initial technology and service bundle leverages a cloud-hybrid network security appliance and endpoint security software. Both applications are effortless to deploy and require minimal administrative support from providers.

Currently, the components of CyberAid include installation assistance, hardware, software, monitoring services, and training, and will eventually include recovery support. In an effort to both optimize the solution and ensure it is providing the necessary level of protection, HITRUST will continuously monitor CyberAid’s performance at participating provider locations. Specifically, HITRUST will measure CyberAid’s:

• ability to mitigate cyber risks;
• practicality of use within in smaller organizations;
• capacity to support cyber threat information sharing of indicators of compromise;
• proficiency in facilitating routine, streamlined security assessments; and
• acquisition and maintenance affordability.

Through collaboration with both the physician community and vendor partners, HITRUST has defined the optimum pricing range for a complete CyberAid package as $25 to $60 per user, per year. Because CyberAid is still in its early stages, HITRUST anticipates additional or updated packages based on provider needs.

The Benefits of CyberAid
By leveraging a sophisticated cybersecurity solution such as CyberAid, small health care providers will be able to better protect sensitive patient information while upholding a high level of service, adhering to compliance standards, and potentially preventing a large expenditure at the hands of a cyberattack. Although providers may not feel an immediate impact on their revenue as the result of a security breach, many patients and subscribers will lose confidence in their provider if their sensitive medical records are compromised or exposed. Similarly, a patient’s loss of confidence in a provider to keep private information secure can be detrimental to an organization’s brand reputation, which is largely composed of its ability to maintain privacy and compliance standards.

At $25 to $60 per user, per year, CyberAid is an affordable solution for smaller organizations—especially considering the potential cost that could be incurred as a result of an attack. If systems are compromised, ripple effects will be felt in terms of manpower, recovering lost information, and possible patient care disruption, as well as the financial burden associated with investigating the breach. The best way to stay compliant, protect patients, and keep unnecessary costs at bay is to invest in a comprehensive security solution that provides effective, affordable, and low-maintenance protection.

— Ed Cabrera is chief cybersecurity officer at Trend Micro.