FRISCO, Texas--(BUSINESS WIRE)--HITRUST applauds the President for focusing his attention on cybersecurity in the early days of the Administration. The Executive Order on Cybersecurity shows how important cybersecurity is and how government and industry must refocus their attention on what matters in an effort to strengthen the nation’s capability to defend its critical infrastructure.
HITRUST fully supports the mandate that our government partners examine their policies and authorities in an effort to identify how those “might be employed to support cybersecurity risk management efforts… .” There are already tremendous efforts underway in the private sector, and HITRUST stands ready to engage to showcase them.
The Executive Order requires a review of “[f]ederal policies and practices to promote appropriate market transparency of cybersecurity risk management practices by critical infrastructure entities… .” HITRUST agrees that nothing could be more important to manage today’s risk.
Included is a plan to require assessments of potential private-sector infrastructure incentives and workforce development.
“Risk management is the key to cybersecurity success, and HITRUST stands ready to help identify and inform what risk management practices should be given priority. In the face of the growing cyber threats to the healthcare industry, HITRUST believes the measures in the Executive Order are needed to encourage best practices, encourage investments in risk management and cyber resilience, and leverage information sharing,” said Daniel Nutkis, CEO, HITRUST.
HITRUST continues to collaborate with the healthcare industry to manage cyber risk and reduce cyber threats through its controls framework, assurance programs, NIST Cybersecurity Framework guidance and cyber information sharing programs. Additionally, the recently developed HITRUST Threat Catalogue affords better visibility into how the HITRUST CSF addresses extant and emerging threats and helps ensure CSF control baselines continue to address risk commensurate with organizational, system and regulatory risk factors.
Founded in 2007, the HITRUST Alliance, a not for profit, was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST—in collaboration with public and private healthcare technology, privacy and information security leaders—has championed programs instrumental in safeguarding health information and managing information risk while ensuring consumer confidence in the organizations that create, store or exchange their information.
HITRUST develops, maintains and provides broad access to its common risk and compliance management and de-identification frameworks, and related assessment and assurance methodologies, as well as programs supporting cyber sharing, analysis and resilience. HITRUST also leads many efforts in advocacy, awareness and education relating to information protection.
For more information, visit www.HITRUSTalliance.net.