The Health Information Trust Alliance (HITRUST) and Children’s Health, the leading pediatric health care system in North Texas, have partnered to launch HITRUST CyberAid–a cyber solution for smaller health care organizations.
HITRUST is an Information Sharing and Analysis Organization (ISAO) that regularly engages in cyber risk management, and has evaluated gaps in cybersecurity at smaller health care organizations. They have found that these groups struggle with selection, acquisition, implementation, and operation of information security tools needed to show compliance.
Ransomware and other threats have impacts on all health care organizations, but the most devastating consequences come down on small practices. HITRUST CyberAid helps physician practices with fewer than 75 employees evaluate and identify new cyber solutions and processes that can be implemented and operated cost-effectively, and provide cyber threat protection.
“As a small physician practice with limited IT support, I rest easier knowing that CyberAid monitoring is in place. Having this level of protection allows me to maintain my focus on caring for patients, while also ensuring their data is protected,” said Mary Jean Strength of Waxahachie, Texas.
Children’s Health is the first provider partner working to inform the physician community on the importance of information security and helping engage practices in the CyberAid program.
“Our organization hosts private physician practices on our electronic medical record (EMR) system. Supporting this program enables us to more fully protect our organization, these physician practices, and their patients from risks associated with cyber threats,” said Pamela Arora, senior vice president and chief information officer, Children’s Health.
Currently, 80 physician practices, ranging from two to 15 physicians, are deploying HITRUST CyberAid. HITRUST plans on measuring program effectiveness through evaluating the following:
- Ability to mitigate cyber risks.
- Practicality of use within small organizations.
- Capacity to support cyber threat information sharing of indicators of compromise (IOCs).
- Proficiency in facilitating routine, streamlined security assessments.
- Acquisition and maintenance affordability.
CyberAid selects only solutions that are the optimum price of $25-$60 per user, per year. It also makes sure all suggested solutions align with broader health care standards and have the necessary technical and operational components.
“Identifying solutions that address current and evolving cyber threats—not to mention implementing and managing these solutions—is daunting for a small practice,” said Pete Perialas, senior vice president and chief strategy officer, Children’s Health. “Participating in current models of cyber threat sharing can be prohibitive, whereas CyberAid puts these levels of protection within reach.”
The initial 80 physician practices using CyberAid will complete deployments in the next three months. After that time, HITRUST and Children’s Health will be evaluating the effectiveness and usability of the tool, as well as each practice’s satisfaction.
Beginning in September, additional physician groups across the United States will be able to subscribe to the CyberAid service.
“Effectively addressing cybersecurity challenges, engaging in cyber information sharing and streamlining the HITRUST CSF Assessment process for physician practices have been a goal of HITRUST,” said Daniel Nutkis, CEO, HITRUST. “This program is a big step forward toward those goals.”
