HITRUST has announced it is embarking on a new Community Extension Program to reach out to healthcare organizations to provide advice on best practices to adopt to improve cybersecurity.
The new program will enable HITRUST to discuss cybersecurity issues with healthcare organizations and stakeholders and explain some of the lessons that have been learned by healthcare organizations through their own risk management programs.
The Community Extension Program will see HITRUST running town hall events in 50 major cities across the United States over the next 12 months. Each event will be hosted by a healthcare organization and facilitated by a HITRUST CSF Assessor.
Dates and locations are still to be confirmed, although the first six events will be taking place in Boston, MA; Houston, TX; Denver, CO; Dallas, TX; Cleveland, OH; and Seattle, WA. The first event will be hosted by Tufts Medical Center in Boston, with the event facilitated by PwC.
The events will cover a range of topics including how to structure and implement risk management programs, key considerations when implementing the HITRUST CSF, how to use the HITRUST CSF to implement the NIST Cybersecurity Framework, leveraging the HITRUST CSF Threat Catalogue, HITRUST Assessment and reporting options, aligning information risk management with cyber insurance programs, and the importance of cyber information sharing by all organizations, regardless of their level of cyber maturity.
Improving resilience against cyber threats is imperative and ‘cannot be understated’, said Tufts Medical Center CISO Taylor Lehmann. He explained that while improving cybersecurity defenses can be a challenge, “HITRUST provides a number of programs that make the goal achievable and sharing best practices, lessons learned and remediation strategies makes the community stronger.”
One of the main aims from these events is to promote collaboration between all healthcare organizations across the country, regardless of the size of each organization of their level of cyber maturity.
Information sharing is an important tool to promote strong cyber hygiene. Cyber threat information sharing helps healthcare organizations prepare for potential attacks and put defenses in place to prevent data breaches. It also enables them to prepare for the worst and respond quickly when breaches do occur. Information sharing is not only about cyberattacks by malicious insiders. Sharing information about insider incidents is also highly beneficial for the healthcare industry as a whole.
HITRUST Assurance Strategy and Community Development Vice President Michael Parisi said, “This program provides significant value by allowing organizations to engage with, and learn from, others in the community about how they approach the challenges related to managing risk, controlling compliance costs while effectively implementing a strong security posture and defending against cyber threats”
While the events are free of charge, advance registration is required. Healthcare organizations can find out more about the upcoming events and register via this link.