Intelligence sharing, collaboration essential to eliminate cyberthreats in healthcare

Modern Healthcare - - COMMENT - By Daniel Nutkis

It’s time for a new level of collaboration within the healthcare industry to promote and improve cyberthreat preparedness and response. There is ample evidence that one of the best ways to recognize and prepare for a cyberbreach or other event is to share threat intelligence. Protecting personal health information from cyberthreats is no exception.

The Health Information Trust Alliance, or HITrust, has been an industry pioneer in cyberthreat information sharing among trusted peers. It was the first healthcare-based information-sharing and analysis organization, through its Cyber Threat XChange (CTX), which is offered to all healthcare organizations free of charge.

HITrust’s analysis of activity through CTX has revealed substantial gaps in how healthcare organizations identify and share crucial cyberthreat information, which security professionals refer to as indicators of compromise, or IOCs. It’s important to note that only a small percentage of organizations—just 5%—contributed these important IOCs to the CTX, while 85% of organizations simply identified or reviewed them during the same sample period.

This shows that the vast majority of organizations are either unwilling or unable to contribute or share the threat indicators they have identified at their organizations for the greater good of the industry, yet they want those shared by others.

The results of this report should send a clear message to everyone in the healthcare industry to get more engaged in programs that include cyberthreat intelligence sharing, and help ensure security is a top priority for all stakeholders. We know it’s certainly a high priority for the patients they serve.

The mantra for physical security is, “If you see something, say something.” The same posture and diligence should be adopted in the healthcare industry regarding cybersecurity.

Passive, weak or a complete lack of collaboration will simply not help us protect the sacred trust that patients have given to their care providers and others with whom they communicate their most personal information. Every week, we hear about “bad actors” seeking out personal health information. We must find a way to work collectively and to aggressively outthink and outmaneuver those bad actors.

Many organizations cite resource limitations, legal concerns, corporate policies or similar constraints to explain why they don’t share their IOCs with the industry, but these concerns and risks have been addressed in collaboration with leading industry organizations that understand the need and importance of sharing.

Simply put, this is a time for radical collaboration, where everyone is proactively watching out for everyone else, not just waiting for others to take the initiative. We need both good leaders and good collaborators.

We, individually and collectively, know the value of information-sharing, but without full participation, the important benefits cannot be realized. That’s why HITrust is issuing a call to action for our industry to help advance cyberthreat intelligence sharing. How do we do this? Organizations must share cyberthreat indicators to fulfill their roles for the benefit of all. Legislators and government can help by ensuring that there are adequate liability protections and incentives to encourage the sharing of cyberthreat information.

Yes, there are resource and financial limitations that must be considered, but we need to take advantage of all opportunities to leverage information-security technologies and outsourced services, where appropriate, to raise the bar and improve efficiencies.

In addition, we must enhance and improve key areas of security and risk management, such as:

Adopting more agile information-security control frameworks that provide cybersecurity guidance

Synchronizing a wide range of regulations and best practices

Seeking better threat-intelligence sharing and collaboration between government and the private sector

Adopting uniform risk-assessment guidance to ensure the effectiveness of security programs

Granting safe harbors and incentives for organizations that step up and demonstrate compliance with recognized information-security frameworks

As with all threats in all industries—none more important than healthcare—radical collaboration is the key. I am calling on everyone to watch out for each other by getting actively engaged in cyberthreat sharing, cyber-preparedness and response exercises, and participating in the standards development process to improve the resources available for the benefit of our industry and our nation.

Remember, as it relates to protecting health information, “If you see something, share something.”

Daniel Nutkis is the founder and CEO of the Health Information Trust Alliance, or HITrust.
