HSCC updates its guidance on information sharing

The Healthcare and Public Health Sector Coordinating Council Cybersecurity Working Group issued an updated version of its “Health Industry Cybersecurity Information Sharing Best Practices” guide (HIC-ISBP) to help healthcare organizations build and support their cybersecurity threat information sharing programs.  

“Threat intelligence is one of the most important data types to information-sharing programs.

  “[…] threat intelligence data truly comes in a variety of forms and should encompass all risk vectors that could impact the healthcare industry, such as third-party risks, insider threats, cybersecurity risks, regulatory risks, and geopolitical risks,” the document states.  

The updated guide identifies a new information sharing category, called “Threat Defender Content and Resources Sharing,” and various other categories of threat intelligence designed to help organizations frame their internal information sharing programs:   

  • Strategic intelligence  
  • Tactical intelligence 
  • Operational intelligence  
  • Open-source intelligence 

 The HIC-ISBP is a companion document to the recently updated “Matrix of Information Sharing Organizations,” which provides healthcare organizations with a matrix database of reputable information sharing entities.  

“Information sharing programs, when done properly, produce significant benefit at low risk for the organizations that participate,” said Errol Weiss, chief security officer of Health-ISAC, in an accompanying press release.

Emily Phelps, Director, Cyware, has this to say:

“Threat intelligence is necessary to take a more proactive security posture. The types of threat intelligence outlined are important. How intelligence is managed, prioritized, and shared is also critical to understand. We must ensure threat intelligence gets to the right people at the right time so as not to delay meaningful action.”

Stephen Gates, Principal Security SME, Horizon3.ai, follows up with this:

“Information sharing among healthcare organizations makes a great deal of sense, but the challenge with any threat intelligence is how to put it into action. Most would agree that raising the situational awareness of security practitioners, leaders, and decision makers can influence their security-related decisions in a positive fashion.    

“However, we see healthcare organizations wanting to gain more intelligence about their ‘own’ exploitable attack surface. They want to know where their most critical vulnerabilities are, lying in wait, ready to be exploited, and leveraged for a successful breach or ransomware attack. Gaining ‘internal exploitability intelligence’ is high on the radar for the healthcare industry since this form of intelligence can be put into action to measurably reduce risk.”

Ted Miracco, CEO, Approov Mobile Security, concludes with this comment:

“Healthcare organizations are facing a wide range of cybersecurity threats, including phishing attacks, ransomware attacks, unsecured APIs connected to medical devices, and supply chain attacks.    

“The HIC-ISBP guide is a significant step towards improving cybersecurity in the healthcare industry. By addressing barriers to threat intelligence sharing, this guide can help healthcare organizations to maintain a robust cybersecurity program by more rapidly responding to incoming threat information.”

The more information that is shared, the less successful attacks could be. That is a good thing, but only if the information is acted on effectively.
