Cyberattack Drill Exposes Healthcare Industry's Vulnerabilities
Healthcare organizations are at their weakest not necessarily on technical implementations, but in their ability to coordinate and collaborate across organizations, says a security expert.
Healthcare providers, like other industries, are not always very good at sharing cyber-attack intelligence with each other. But according to findings of a first-of-its-kind April 1 simulated drill, improvements are now underway specifically in the healthcare industry.
The industry-wide exercise, CyberRX, presented participants with a series of challenges which "exercised elements within each of the organizations," said Kevin Charest, chief information security officer for the U.S. Department of Health and Human Services.
"We actually started it off with some fraud, where a physician attempted to have some malicious code written that would allow erroneous images to be created and then they could defraud Medicaid and Medicare," Charest explained.
The scenario involved lots of different complexities in incident response, including responding to simulated inquiries from the press, Charest says.
A Wide Range of Players
A big takeaway from the exercise: Healthcare organizations are at their weakest not necessarily on technical implementations, but in their ability to coordinate and collaborate across myriad healthcare entities, says Roy Mellinger, who is vice president, IT security, and chief information security officer at Wellpoint, the largest managed health care, for-profit company in the Blue Cross and Blue Shield Association.
- CMS Mulls Income-Adjusting MA Stars
- Providers Prep for New Payment Models as Population Health Grows
- 3 Ways to Rev Employee Development Programs
- Providers' Push to Consolidate Roils Payers
- Transforming Decision Support and Reporting
- As Retail Clinics Surge, Quality Metrics MIA
- Aligning Executive Compensation with Provider Mission
- Nurse Ethics Comes to a Head at Guantanamo Bay
- In Lakeport, CA, a Population Health Laboratory is Born
- 6 Not-So-Good Reasons for Avoiding Population Health