August 3, 2017 – Frisco and Dallas, TX – HITRUST and Trend Micro announced today a partnership to create the HITRUST Cyber Threat Management and Response Center, which will expand and enhance the capabilities of the HITRUST Cyber Threat XChange (CTX), the most widely adopted and active cyber threat information sharing organization for the healthcare industry. The new center offers unique capabilities that are a significant advancement in aiding organizations across varying cybersecurity maturity levels to defend against the increasing volume and sophistication of cyber threats.
Today cyber threat information sharing is generally defined in terms of a broad set of activities, ranging from collecting, analyzing and distributing indicators of threats and compromise to education and awareness around cyber hygiene and response. However little consideration is given to the ability of the recipient to consume the information and react, commensurate with the maturity of its information security resources, security technologies and processes, more specifically how the information impacts their ability to mitigate a cyber threat.
For example recent global ransomware events such as WannaCry and Petya left many organizations scrambling to determine their risk and to sort fact from fiction from multiple sources. Through the CTX, HITRUST tracked both outbreaks closely and initiated outreach early after detection to the industry - providing thousands of participants with timely information updated frequently as the threats emerged. In fact the HITRUST CTX reported on WannaCry and distributed the threat indicators almost 14 days prior to the first reported organization impacted. However, despite this early outreach, many organizations were not able to effectively consume and leverage the information and mitigate risk from this cyber threat.
“We need to ensure there are options available to aid organizations regardless of resources in mitigating cyber threats and this requires an investment in significant resources, including hundreds if not thousands of research staff, timely and broad access to IOCs and other cyber threat intelligence, and in-depth knowledge of how organizations respond to cyber threats,” said Roy Mellinger, Vice President and CISO, Anthem and Member, Department of Health and Human Services (HHS) Health Care Industry Cybersecurity Task Force. “The new world class HITRUST Cyber Threat Management and Response Center represents an exponential step forward for the industry and delivers on the information sharing key imperatives outlined in the recent HHS Cybersecurity Task Force report.”
HITRUST has focused the last 18 months on expanding its collection of indicators of threat and compromise through its Enhanced IOC Collection Program, which continues to lead the industry in identification of unique IOCs. HITRUST has also been evaluating opportunities to better serve the industry in cyber threat management and has identified several key areas including - advanced hunting for the latest cyber threats, faster and more detailed analysis, reporting, integration, education and collaboration - all with consideration for organizational maturity. Specifically the HITRUST Cyber Threat Management and Response Center will deliver capabilities to address cyber threat management, defense, and response based on an organization’s cyber maturity level.
After a review and analysis taking into consideration a number of factors (such as costs, skill sets, resources availability and current capabilities in market), HITRUST determined that existing resources already have these capabilities and should not be duplicated and that the best approach was to partner or integrate with a qualified established cyber research lab.
“The HITRUST CTX has established itself as a leader in the collection of threat indicators. Now the focus needs to be ensuring organizations of any cyber maturity can leverage this information in a timely manner,” said Kevin Charest, DSVP and CISO, Health Care Service Corp. “Information sharing has no value if people can’t quickly act upon it, making the HITRUST CTX transition to cyber threat management a crucial step for industry.”
As part of today’s announcement, HITRUST is outlining the Cyber Threat Management and Response Center’s first phase to expand its resources through a partnership and integration with Trend Micro. This partnership will enable unique collaboration and access to world’s best threat research lab to offer:
- Access to additional tens of millions of sensors collecting IOCs, and numerous worldwide labs dedicated to multiple types of cyber research
- Faster, more detailed and more accurate analysis and research geared to varying maturity levels
- Access to more vulnerability and threat information that is specific to the healthcare industry and linked to existing vulnerability and threat research
- Expanding vulnerability information and IOC and TTP linkage with the HITRUST Threat Catalogue
- Resources to provide more responsive community engagement and assistance, including inquiry response and IOC submission analysis
- Better tracking and monthly reporting of cyber threats targeting healthcare information and organizations
“HITRUST, through its framework, cyber threat catalogue, tens of thousands of assessments as well as existing information sharing program understands the challenges organizations face and the role cyber maturity plays in leveraging cyber threat intelligence. This knowledge was key in our unprecedented decision to partner,” said Mike Gibson, Vice President, Threat Research, Trend Micro. “We believe our combined effort will make a positive difference in improving cyber defenses for organizations of all sizes and for our nation’s overall cybersecurity posture”.
“We have been committed to partnering with industry and government for many years to collectively improve the industry’s cyber defenses and resilience,” said Daniel Nutkis, CEO, HITRUST. “We see this latest development as continued validation of the private sector’s commitment and will continue to evaluate areas for improvement and taking action where appropriate.”
The HITRUST Cyber Threat Management and Response Center will be available beginning October 1st. HITRUST will continue to offer basic access to the HITRUST CTX and the new HITRUST Cyber Threat Management and Response Center at no cost.
HITRUST Cyber Snapshot
The HITRUST CSF is the most widely adopted controls framework in the healthcare industry and the basis for the HPH Sector implementation for the NIST Cybersecurity Framework.
The HITRUST CTX supports over 1,600 organizations in cyber information sharing. The Enhanced IOC Collection Program has significantly increased the usability of IOC data and in the latest six-month analysis reported seeing IOCs as early as 150+ days in advance, and on average 21 days in advance, of other exchanges. HITRUST has worked closely and in partnership with government, through the existing programs like the DHS Cyber Information Sharing and Collaboration Program (CISCP) and the DHS Automated Indicator Sharing (AIS).
Trend Micro Threat Research Snapshot
Trend Micro is a global leader in cybersecurity solutions with over 27 years of industry experience and award winning solutions across User Protection, Hybrid Cloud Security and Network Defense.
Trend Micro security research and operations consists of global researchers, engineers, and other experts in various security functions working 24 hours a day, seven days a week to deliver solutions to the plethora of threats that confront users and businesses on a daily basis. This includes:
- The industry’s most respected and prolific broker of responsibly disclosed security vulnerabilities. This award-winning group operates Pwn2Own, the industry’s oldest and most successful vulnerability research competition.
- A 24x7 Global Threat Research and Emergency Response team that is responsible for ongoing population of timely threat intelligence to the Trend Micro Smart Protection Network (SPN). SPN is at the core of Trend Micro solutions to help organizations combat today’s threats. This includes threat hunting operations, rapid response capabilities, and cleanup and remediation services for our customers.
- A global team of researchers tasked with scouting the likely future risks in security focusing primarily on:
- Cybercrime and APT campaign research of threat actors using OSINT and other threat data
- Research into wider attacks in the emerging world of IOT and where old technologies meet with the new
- Exploring how societies changing social use of the web exposes new attacks
- Collaboration with law enforcement agencies during cybercriminal investigations and botnet takedowns