HITRUST Helps Anthem, Others in Initial Hack Investigation

Early in its investigation of a major cyber attack, health insurer Anthem shared much of what it knew with other health industry stakeholders, all of whom participate in the HITRUST Cyber Threat Intelligence and Incident Coordination Center, or HITRUST C3.

By sharing data that indicated compromises, such as MD5 hashes, IP addresses and threat actor email addresses, other stakeholders were able to help Anthem quickly determine that the attack was specific to the insurer and not also targeting other organizations in the industry.

“Upon further investigation and analysis, it is believed to be a targeted advanced persistent threat actor,” according to a statement from HITRUST, a health industry security consortium. “With that information, HITRUST determined it was not necessary to issue a broad industry alert.”

HITRUST offers a range of security services and platforms to aid stakeholders in collaborating to better secure protected health information. In addition to C3, these services include free monthly healthcare cyber threat briefings in collaboration with the Department of Health and Human Services, the Common Security Framework of best practices, and the conducting of mock cyber attack exercises to assess how well organizations recognize an attack and respond to it. More than 700 stakeholders have participated in the mock attacks.

Additional information is available here.

This story first appeared on the Health Data Management web site.