The U.S. Healthcare and Public Health Sector Coordinating Council (HSCC) has published a new resource to help healthcare organizations start participating in threat intelligence sharing and stay abreast of the latest cybersecurity threats affecting the healthcare sector.
Many healthcare organizations understand the importance of cybersecurity information sharing but have yet to make a start. Getting started can be somewhat daunting, as there are many different information sharing organizations and each plays a different role.
Healthcare organizations need to choose the best organizations to sign up with and engage in a way that reduces cybersecurity risks. The new resource is intended to help healthcare organizations get started and engage in a meaningful way.
The new Health Industry Cybersecurity Matrix of Information Sharing Organizations (HIC-MISO) consists of a list of 25 cybersecurity information sharing organizations in the United States that provide threat intelligence, together with details of the services that each provides, and the amount each charges for its services. The list includes 9 organizations that provide healthcare-specific information and 16 that provide more general cybersecurity information.
The need to engage with these organizations and take a proactive approach to cybersecurity has never been more important. The healthcare industry is being extensively targeted by hackers and scammers and data breaches are happening at unprecedented rates. In order to repel these attacks, organizations need to build awareness and preparedness through community engagement and the HIC-MISO steers healthcare organizations in the right direction.
The HSCC compiled the list in response to a recommendation made by the Department of Health and Human Services’ Healthcare Industry Cybersecurity Task Force in 2017 to help the healthcare industry improve cybersecurity information sharing. While many large health systems have already started information sharing programs, many smaller healthcare organizations have struggled as they lack the resources to engage with these organizations and act on the information that is being shared.
When compiling the new guide, HSCC considered organizations with a broad range of budgets and capabilities to ensure that healthcare organizations of all sizes can begin working with cybersecurity information sharing organizations and establish an information sharing management structure to suit their resources and risk profiles.
This is the 4th healthcare cybersecurity resource to be issued by the HSCC this year and joins the Health Industry Cybersecurity Practices (HICP) guidance, the Medical Device Joint Security Plan, the Health Industry Cybersecurity Workforce Development Guide.