360 Advanced Advises Data Managers to Understand HITRUST® Threat Catalogue As Risks Grows

Image of empty boardroom for a article discussing 360 Advanced Advises Data Managers to Understand HITRUST

HITRUST’S recently released Threat Catalogue provides healthcare organizations and other firms with visibility into cyber risks to their information, assets, and operations.

IT security and compliance firm 360 Advanced, on a mission to deliver exceptional value to its clients and potential clients, urges executives and compliance specialists in the data management industry to examine the

Threat Catalogue’s contents and make necessary changes to reduce risk.

The HITRUST Threat Catalogue identifies technical, physical, and administrative controls to address these risks and improve an organization’s ability to manage threats and prioritize security resources.

HITRUST explained that identifying threats is an important part of a comprehensive risk analysis process to protect sensitive data, such as Protected Health Information (PHI).

Here are some additional links recommended by 360 Advanced that are informational and educational.

  • CMS Would Drop Security Risk Analysis from Interoperability Score
  • HIPAA Security Rule Risk Analysis Remains Source of Confusion
  • CMS Updates Security Risk Analysis Procedure
  • Improving Cloud Security with a Shared Responsibility Model | Microsoft

Cyber Threat Identification Process

The threat identification process determines what cyber events must be controlled by the organization. For example, the increased frequency of ransomware attacks requires organizations to re-examine their controls around data backup and restoration and ensure they could successfully recover their data if such an attack occurred.

“Unfortunately, a comprehensive threat list that could support risk analysis and help organizations better understand and mitigate threats to sensitive information was essentially unavailable,” said Mike Parisi, HITRUST Vice President, Assurance Strategy & Community Development.

“Given its significance to the risk management process, we invested years identifying a complete set of threats at a level consistent with the controls used to address them.”

HITRUST said the catalogue is designed to align cyber-threats with the HITRUST CSF® control requirements. HITRUST CSF provides organizations with a structured, comprehensive approach to regulatory compliance and risk framework.

The alignment of threats to the HITRUST CSF simplifies the risk analysis process for organizations and reduces some of the burden and costs associated with this level of analysis, Parisi explained.

To learn more about the HITRUST certification process, contact 360 Advanced.

Let’s Get Started

Facing compliance, cybersecurity, or privacy challenges? We’re here for you. Share a few details, and we’ll get back to you within 24 hours with the guidance you need.

Central Avenue

Suite 2100

St. Petersburg, FL 33701

(866) 418-1708
info@360advanced.com

Developing, maintaining, and communicating security and compliance to your clients is convenient and cost-effective.