Page 6 - April 2017 Newspaper
P. 6
Coming Soon: BY BDO HEALTHCARE PRACTICE LEADERS
HITRUST Threat Catalogue
to Comprehensively Address
Risks to PHI
From “repeal and replace” to blocked mega-mergers, almost nothing about the
healthcare industry in 2017 is guaranteed.
But there is one thing you can count on—the cyber threats healthcare organizations
dealt with in 2016 are here to stay. In fact, we believe they are going to get a whole lot
worse. Alfredo Cepero Angelo Pirozzi Jeffrey Kramer
In the first 30 days of 2017, the Department of Health and Human Services’ Office
for Civil Rights disclosed 10 healthcare data breaches, affecting nearly 25,000 individ-
uals. Concurrently, HHS OCR has lowered its threshold for investigation of healthcare
record breaches and possible enforcement action to cases involving as few as 500 will be a “living document” due to the constantly changing threat environment,
records. including planned improvements to better facilitate risk analyses and the consump-
Healthcare has a more complex challenge than many other industries for one big tion of threat intelligence.
reason: the Health Insurance Portability and Accountability Act (HIPAA). Cyber risk Governing chairs of the HITRUST CSF Threat Catalogue Working Group include:
management can feel like an impossible choice between compliance and security. The Kevin Charest, Ph.D., DSVP and CISO, Health Care Service Corporation; Bryan Cline,
challenge boils down to lack of guidance on how organizations should interpret “rea- Ph.D., VP, Standards and Analytics, HITRUST; Roy Mellinger, VP, IT Security and
sonable and appropriate safeguards” and “adequate protection,” and what constitutes CISO, Anthem, Inc.; John Riggi, Head of Cybersecurity & Financial Crimes, BDO
a valid risk analysis. Consulting.
That’s where a risk-based control framework comes in. The HITRUST CSF—the HITRUST will also issue advisories to provide more granular intelligence on actual,
most widely adopted security framework in the U.S. healthcare market—integrates immediate threats and corresponding security controls.
requirements from multiple, relevant standards and best practices to sets an industry The Threat Catalogue will be available in March. For more information, check out
standard of due care and baseline set of controls that, importantly, are tailored by spe- the official announcement from HITRUST or visit https://hitrustalliance.net/threat-
cific organizational, system and regulatory risk factors. catalogue/.
In other words, it helps facilitate HIPAA compliance and cyber readiness.
The problem with any cyber framework, however, is that it’s relatively static, and For more information on BDO’s
typically updated based on historical breach data and lessons learned instead of for- Healthcare and Cybersecurity services,
ward-looking information. Security controls are meant to address specific risks posed please contact:
by specific threats, which are constantly changing. Alfredo Cepero,
To help enhance the framework’s responsiveness to the dynamic threat landscape, Office Managing Partner -
BDO is proud to be working closely with HITRUST and other industry leaders to 305-420-8006/ acepero@bdo.com
develop the Threat Catalogue, a comprehensive taxonomy for common threats Angelo Pirozzi, Partner -
mapped to specific CSF controls designed to counter cyber threats and protect elec- 646-520-2870 / apirozzi@bdo.com
tronic Personal Health Information (ePHI) and other types of sensitive data held by Jeffrey Kramer, Partner -
healthcare organizations such as personally identifiable information (PII), Payment 954 626-2921 / jkramer@bdo.com
Card Information (PCI) and research data. HITRUST anticipates the Threat Catalogue
FOUNDING SPONSOR
20
YEARS
HEROES ® AWARD PRESENTING SPONSORS
TH
20 ANNIVERSARY AWARDS LUNCHEON
SINCE 1980
May Jungle Island
SAVE THE DATE Treetop Ballroom SILVER SPONSORS
9
REGISTRATION OPEN 11:30 a.m. Registration
12:00 p.m. Luncheon
Register Online at www.MiamiChamber.com
$85 per person | $850 table of 10 BRONZE SPONSOR
SPONSORSHIP OPPORTUNITIES AVAILABLE
For information contact: Tania Valenzuela, 305-577-5491 | tvalenzuela@miamichamber.com
WHO IS A HEALTH CARE HERO?
An individual, organization, professional, student, volunteer or program, who, through their individual or collective
actions have made an extraordinary impact in the South Florida health care community. The nominee might be
working in one of the following fields: bio-medical, community health, education, private practice, government,
public service or the news media.
Their acts of heroism represent a display of dedication to excellence in their area of expertise beyond the scope
of their jobs. Through their commitment to their profession and community, they serve as an inspiration to others
in an effort to improve the quality of health care and discover new ways to assist those in need.
For information and sponsponsorship opportunities, contact Tania Valenzuela, 305-577-5491 | tvalenzuela@miamichamber.com or visit www.MiamiChamber.com.
6 April 2017 southfloridahospitalnews.com South Florida Hospital News
