Healthcare providers, like other industries, are not always very good at sharing cyber-attack intelligence with each other. But according to findings of a first-of-its-kind April 1 simulated drill, improvements are now underway specifically in the healthcare industry.
The industry-wide exercise, CyberRX, presented participants with a series of challenges which "exercised elements within each of the organizations," said Kevin Charest, chief information security officer for the U.S. Department of Health and Human Services.
"We actually started it off with some fraud, where a physician attempted to have some malicious code written that would allow erroneous images to be created and then they could defraud Medicaid and Medicare," Charest explained.
The scenario involved lots of different complexities in incident response, including responding to simulated inquiries from the press, Charest says.
A Wide Range of Players
A big takeaway from the exercise: Healthcare organizations are at their weakest not necessarily on technical implementations, but in their ability to coordinate and collaborate across myriad healthcare entities, says Roy Mellinger, who is vice president, IT security, and chief information security officer at Wellpoint, the largest managed health care, for-profit company in the Blue Cross and Blue Shield Association.