Mary-Louise Hoffman
Deloitte, the Health Information Trust Alliance and the Department of Health and Human Services have collaborated to help U.S. health insurance companies practice breach readiness and mitigation strategies through a cybersecurity simulation exercise.
HITRUST said Thursday more than 250 employees from 12 health insurance organizations joined the CyberRX 2.0 Health Plan drill in order to identify specific areas where they can improve their management of information technology security incidents.
“As we see in other industries, having a plan on paper is a basic requirement, but putting it to the test is where organizations gain the muscle memory needed to be effective in a crisis,” said John Gelinne, a director of Deloitte’s advisory cyber risk services business.
An after-action report from Deloitte’s cyber risk services practice indicates that some CyberRX participants have focused on forensic data analysis and assessment of the possible impacts of a cyber attack on their companies’ operation.
HITRUST noted a lack of regular cross-functional communication at the participating organizations has affected their decision-making process during a breach scenario.
The alliance recommended that health insurers establish an incident-response ecosystem, share threat intelligence, know their cyber insurance claims processes, develop incident response plans and collaborate with law enforcement agencies.
