The new initiative aims to takes the guesswork out readiness, articulating threats, mapping them to CSF controls and giving healthcare organizations a blueprint for better cybersecurity posture.
In an effort to improve visibility into data security threats and help healthcare organizations manage security strategies with that knowledge, HITRUST has put together what it calls a Threat Catalogue, based on risk factors and controls of its Common Security Framework.
HITRUST helps healthcare groups meet the HIPAA requirement to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities” to its patient data. Its CSF framework is based on risk analyses performed by representative healthcare organizations and the underlying risk analyses used to produce ISO 27001 control recommendations, NIST SP 800-53 control baselines and other control-based frameworks.
“HITRUST actively solicits industry input on potential changes and updates to the HITRUST CSF and, unlike other frameworks, updates the CSF no less than annually,” said Bryan Cline, vice president, Standards and Analytics at HITRUST.
Read full article at Healthcare IT News>>