Intelligence sharing, collaboration essential to eliminate cyberthreats in healthcare
It’s time for a new level of collaboration within the healthcare industry to promote and improve cyberthreat preparedness and response. There is ample evidence that one of the best ways to recognize and prepare for a cyberbreach or other event is to share threat intelligence. Protecting personal health information from cyberthreats is no exception.
The Health Information Trust Alliance, or HITrust, has been an industry pioneer in cyberthreat information sharing among trusted peers. It was the first healthcare-based informationsharing and analysis organization, through its Cyber Threat XChange (CTX), which is offered to all healthcare organizations free of charge.
HITrust’s analysis of activity through CTX has revealed substantial gaps in how healthcare organizations identify and share crucial cyberthreat information, which security professionals refer to as indicators of compromise, or IOCs. It’s important to note that only a small percentage of organizations— just 5%—contributed these important IOCs to the CTX, while 85% of organizations simply identified or reviewed them during the same sample period.
This shows that the vast majority of organizations are either unwilling or unable to contribute or share the threat indicators they have identified at their organizations for the greater good of the industry, yet they want those shared by others.
The results of this report should send a clear message to everyone in the healthcare industry to get more engaged in programs that include cyberthreat intelligence sharing, and help ensure security is a top priority for all stakeholders. We know it’s certainly a high priority for the patients they serve.
The mantra for physical security is, “If you see something, say something.” The same posture and diligence should be adopted in the healthcare industry regarding cybersecurity.
Passive, weak or a complete lack of collaboration will simply not help us protect the sacred trust that patients have given to their care providers and others with whom they communicate their most personal information. Every week, we hear about “bad actors” seeking out personal health information. We must find a way to work collectively and to aggressively outthink and outmaneuver those bad actors.
Many organizations cite resource limitations, legal concerns, corporate policies or similar constraints to explain why they don’t share their IOCs with the industry, but these concerns and risks have been addressed in collaboration with leading industry organizations that understand the need and importance of sharing.
Simply put, this is a time for radical collaboration, where everyone is proactively watching out for everyone else, not just waiting for others to take the initiative. We need both good leaders and good collaborators.
We, individually and collectively, know the value of information-sharing, but without full participation, the important benefits cannot be realized. That’s why HITrust is issuing a call to action for our industry to help advance cyberthreat intelligence sharing. How do we do this? Organizations must share cyberthreat indicators to fulfill their roles for the benefit of all. Legislators and government can help by ensuring that there are adequate liability protections and incentives to encourage the sharing of cyberthreat information.
Yes, there are resource and financial limitations that must be considered, but we need to take advantage of all opportunities to leverage informationsecurity technologies and outsourced services, where appropriate, to raise the bar and improve efficiencies.
In addition, we must enhance and improve key areas of security and risk management, such as:
Adopting more agile informationsecurity control frameworks that provide cybersecurity guidance
Synchronizing a wide range of regulations and best practices
Seeking better threat-intelligence sharing and collaboration between government and the private sector
Adopting uniform risk-assessment guidance to ensure the effectiveness of security programs
Granting safe harbors and incentives for organizations that step up and demonstrate compliance with recognized information-security frameworks
As with all threats in all industries— none more important than healthcare—radical collaboration is the key. I am calling on everyone to watch out for each other by getting actively engaged in cyberthreat sharing, cyber-preparedness and response exercises, and participating in the standards development process to improve the resources available for the benefit of our industry and our nation.
Remember, as it relates to protecting health information, “If you see something, share something.”
Interested in submitting a Guest Expert op-ed? View guidelines at modernhealthcare.com/op-ed. Send drafts to Assistant Managing Editor David May at dmay@modernhealthcare.com.