With cybersecurity an increasing concern for healthcare organizations of all types, a health IT security organization is trying to help smaller physician practices respond to the threat.
The Health Information Trust Alliance (HITRUST), developer of a framework for health data security, on Thursday is launching HITRUST CyberAid, a package of products, services and processes that even small healthcare providers can afford and manage. CyberAid is designed for medical practices with no more than 75 employees.
When Investment Rhymes with Canada
Canada has a proud history of achievement in the areas of science and technology, and the field of biomanufacturing and life sciences is no exception.
“The premise was that we needed a solution that was easy to deploy, easy to operate, but at a high level of effectiveness,” Daniel Nutkis, CEO of Frisco, Texas-based HITRUST, said. “I think we’re on to something.”
HITRUST initially is deploying CyberAid to about 80 small and medium-sized practices, each with 15 physicians or fewer. At launch, the technology and service bundle consists of a Trend Micro network security appliance, Trend Micro Cloud Edge security software, malware monitoring services and technical support.
“We worked with [Trend Micro] to integrate it with our CyberThreatXChange,” HITRUST’s monitoring platform, Nutkis said.
HITRUST is charging $25 to $60 per user annually, essentially covering its costs. “There’s no margin on this,” Nutkis said.
The cybersecurity group expects to expand CyberAid offerings to include other products and services meeting certain criteria. HITRUST said it will evaluate other technology based on the ability to mitigate risks, suitability for small organizations, affordability and support for reporting malware and attempted hacks so others are aware of threats.
HITRUST isn’t aware of any statistics on hacks and breaches targeting smaller physician practices, but in a test a few months ago, the organization installed breach protection systems in small and medium-sized hospitals. “We found malware at 52 percent of them,” Nutkis reported.
Small practices simply don’t have as much data on malware as integrated health systems. “It’s hard to report what you don’t know,” Nutkis said. “They also don’t have the resources to recover” from a breach, he added.
CyberAid will offer recovery services as an option.
HITRUST piloted the technology at Children’s Health in Dallas, which hosts electronic health records for independent medical groups. Children’s is providing support for CyberAid as the cybersecurity program is rolled out.
“Identifying solutions that address current and evolving cyber threats—not to mention implementing and managing these solutions—is daunting for a small practice,” Children’s Health Chief Strategy Officer Pete Perialas said in a HITRUST press release. “Participating in current models of cyber threat sharing can be prohibitive, whereas CyberAid puts these levels of protection within reach.”
Following the initial rollout, HITRUST will allow other practices to subscribe to CyberAid starting next month.
Photo: Bigstock
