Latest news with #HITRUSTCSF

Threat Analysis Confirms HITRUST e1, i1, and r2 Controls Mitigate the Most Prevalent Attack Techniques in 2025

Cision Canada

31-07-2025


FRISCO, Texas, July 31, 2025 /CNW/ -- HITRUST, the leader in cybersecurity assurance, today released its Cyber Threat Adaptive (CTA) Update covering the first half of 2025. The analysis validates that the HITRUST CSF® e1, i1, and r2 assessment requirements once again cover 100% of the real-world techniques adversaries used most often from January 1 – June 30, 2025, with no control gaps identified against the five dominant MITRE ATT&CK® techniques.

HITRUST's Cyber Threat Adaptive (CTA) program systematically analyzes real-world threat intelligence, breach data, and adversary behavior to ensure that control requirements in the HITRUST CSF remain effective against actual cyber threats.

Key findings from the H1 2025 CTA analysis

  • 220,000+ threat indicators compiled from 4,100+ threat-intel articles were mapped to ≈41,000 MITRE ATT&CK technique/mitigation pairs—providing the most complete view yet of attacker behavior in 2025.
  • The e1, i1, and r2 control selections covered 100% of the top five techniques observed—Phishing (T1566), Drive-by Compromise (T1189), Exploit Public-Facing Application (T1190), Exploitation of Remote Services (T1210), and Event-Triggered Execution (T1546).
  • 435 publicly reported breaches were analyzed; phishing remained the lead initial-access vector, typically resulting in data exfiltration or ransomware deployment.
  • Recommended priority actions include advanced phishing awareness training, timely anti-malware updates, disciplined vulnerability remediation, and comprehensive network/endpoint monitoring.

"Attackers don't wait for annual framework updates, so neither can defenders. Our semiannual analysis shows that HITRUST-certified organizations remain a step ahead because their controls evolve at the speed of the threat landscape," said Andrew Russell, Vice President of Standards, at HITRUST. "By mapping more than 220,000 fresh indicators to MITRE ATT&CK, we verified that every high-frequency technique in H1 2025 is mitigated by our e1, i1, and r2 requirements—often by multiple overlapping controls that deliver true defense-in-depth."

Why it matters

HITRUST's CTA program continuously stress-tests CSF controls against live threat intelligence—ensuring organizations that certify to the e1, i1, or r2 are protected by relevant, reliable, and proven safeguards rather than static "checkbox" frameworks. It also eliminates the need for relying parties to augment a HITRUST assurance report with a questionnaire to ensure it covers relevant and emerging cyber threats, as is needed with other assurance reports.

This approach underpins HITRUST's commitment to:

  • Relevant Controls – continuously evaluated to ensure effective mitigations against known and emerging cyber threats
  • Reliable Assurance – validated by consistent, rigorous assessment standards
  • Proven Risk Mitigation – fewer than 1% of HITRUST-certified environments reported breaches in the past two years

Download the full report

A detailed breakdown of technique-to-control mappings, breach case studies, and actionable mitigation guidance is available in the H1 2025 Cyber Threat Adaptive Analysis.

About HITRUST

HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 60 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.

For media inquiries, please contact:
Leslie Kesselring
Kesselring Communications for HITRUST
[email protected]
503-358-1012

SOURCE HITRUST Services Corp.

Precision AQ Earns HITRUST Implemented, 1-year i1 Certification for Data Protection and Cybersecurity Risk Management

Associated Press

31-03-2025


HITRUST i1 certification confirms Precision AQ's commitment to protecting sensitive data with leading security practices.

NEW YORK, March 31, 2025 /PRNewswire/ -- Precision AQ, a leader in guiding life science organizations through the complexities of product commercialization and empowering access to life-changing medicines for all, announced today that its PatientLens platform has achieved HITRUST certification for system and information security.

PatientLens transforms healthcare insights and patient program design by reducing friction in patient services and by delivering timely, actionable information to support decision-making. The platform offers a detailed view of insurance coverage, out-of-pocket costs, and medical or medication history. By leveraging tokenized patient data and advanced analytics, PatientLens helps healthcare organizations optimize patient outreach, prioritize cases, and ensure compliance, driving improved outcomes and operational efficiency.

The HITRUST Implemented, 1-Year i1 validated assessment and certification process confirms that the PatientLens platform applies a robust set of HITRUST-curated controls. These controls ensure the organization follows leading security practices and maintains a comprehensive cybersecurity program to defend against cyber threats. HITRUST continuously analyzes cyber threat intelligence to keep its control requirements relevant, helping organizations mitigate emerging risks like phishing, brute force attacks, and ransomware, and supporting organizational resilience.

'The HITRUST i1 validated assessment is a powerful tool for cyber-aware organizations, such as Precision AQ,' said Robert Booker, Chief Strategy Officer at HITRUST. 'This certification assures the measurement, implementation, and performance of robust information security controls. Congratulations to Precision AQ on achieving HITRUST i1 certification for their PatientLens platform, showcasing the operational maturity of their cybersecurity program.'

Precision AQ successfully achieved HITRUST CSF certification through a strategic partnership with Coalfire Systems, a leading provider of cybersecurity and compliance solutions. By leveraging Coalfire's deep expertise and proven methodologies, Precision AQ navigated the rigorous certification process with confidence and efficiency.

'Healthcare data reveal some of the most intimate aspects of our lives,' said Aaron Reynolds, Vice President, Security, Data & Consumer Services at Coalfire. 'We are privileged to collaborate with Precision AQ, an organization devoted to advancing access to transformative medical solutions. Our evaluation of their cybersecurity program against HITRUST's rigorous criteria underscores Precision AQ's dedication to mitigating cyber threats and safeguarding sensitive healthcare information. Securing HITRUST i1 certification highlights their unwavering focus on data protection and fostering trust with patients.'

To learn more about how Precision AQ is advancing data security and patient-centric solutions, visit

About Precision AQ

Precision AQ, formerly known as Precision Value & Health, is a trusted partner for life sciences companies, guiding them through the complexities of commercialization across a product's life cycle. With a team of life science experts, advisors, and creative professionals, Precision AQ is dedicated to ensuring patient access to transformative therapies. The company provides a comprehensive range of services, including global pricing and market access strategy, healthcare advertising and marketing, health economics and outcomes research, medical communications and medical affairs, managed markets marketing, market access and data-driven technology solutions, investor relations and external communications, international brand strategy, medical education, learning and development, public relations, patient insights services, and omnichannel engagement strategy and product solutions. For more information, visit
