HITRUST’s recently released Threat Catalogue provides healthcare organizations and other firms with visibility into cyber risks to their information, assets, and operations.
IT security and compliance firm 360 Advanced, on a mission to deliver exceptional value to its clients and potential clients, urges executives and compliance specialists in the data management industry to examine the Threat Catalogue’s contents and make necessary changes to reduce risk.
The HITRUST Threat Catalogue identifies technical, physical, and administrative controls to address these risks and improve an organization’s ability to manage threats and prioritize security resources.
HITRUST explained that identifying threats is an important part of a comprehensive risk analysis process to protect sensitive data, such as Protected Health Information (PHI).
360 Advanced also recommends the following informational and educational links.
- CMS Would Drop Security Risk Analysis from Interoperability Score
- HIPAA Security Rule Risk Analysis Remains Source of Confusion
- CMS Updates Security Risk Analysis Procedure
- Improving Cloud Security with a Shared Responsibility Model | Microsoft
Threat Identification Process
The threat identification process determines what cyber events must be controlled by the organization. For example, the increased frequency of ransomware attacks requires organizations to re-examine their controls around data backup and restoration and ensure they could successfully recover their data if such an attack occurred.
“Unfortunately, a comprehensive threat list that could support risk analysis and help organizations better understand and mitigate threats to sensitive information was essentially unavailable,” said Mike Parisi, HITRUST Vice President, Assurance Strategy & Community Development.
“Given its significance to the risk management process, we invested years identifying a complete set of threats at a level consistent with the controls used to address them.”
HITRUST said the catalogue is designed to align cyber threats with the HITRUST CSF® control requirements. The HITRUST CSF provides organizations with a structured, comprehensive approach to regulatory compliance and risk management.
The alignment of threats to the HITRUST CSF simplifies the risk analysis process for organizations and reduces some of the burden and costs associated with this level of analysis, Parisi explained.
To learn more about the HITRUST certification process, contact 360 Advanced.