A recent Health Information Trust Alliance (HITRUST) pilot project indicates that the sharing of threat intelligence by healthcare organizations is an important way of reducing cybersecurity risk. The pilot shows that by sharing “timely, consumable, [and] actionable” threat information with a wide audience, a valuable resource can be created that can be used to defend the entire healthcare ecosystem from cyberattacks.
In a recent press release, HITRUST revealed that its latest pilot project was hugely successful and has prompted HITRUST to expand its Enhanced IOC Collection program to include any organization willing to participate. An additional 30 organizations – 15 health systems and 15 health plans – will be given Trend Micro’s Deep Discovery Technology and will be integrated within the HITRUST Cyber Threat Xchange (CTX). This will enable the healthcare organizations to collect cyber threat data more easily and distribute information more rapidly.
HITRUST announced that 100% of the Enhanced IOC Collection pilot group members submitted Indicators of Compromise (IOCs) during the 30-day period of the pilot; the first time that all members have participated. Previously, only around 5% of members had submitted IOCs.
IOCs are data that show that a threat actor has either gained access to systems or is operating in the target environment. IOCs include factual data as well as context and metadata that allow the information to be processed and understood.
During the pilot, 88% of the submitted IOCs had not previously been identified by any open source. HITRUST reports that the IOCs were submitted, on average, 1.2 days before they were seen on the DHS Cyber Information Sharing and Collaboration Program (CISCP) or via any other open source.
95% of the IOCs submitted to the HITRUST Cyber Threat Xchange (CTX) included the necessary metadata to allow action to be taken by organizations to deal with the threats. Previously, only half of IOCs contained the necessary data to allow action to be taken.
While it is important for large healthcare organizations to share IOCs, HITRUST explained that it is also valuable to receive threat information from smaller healthcare organizations. HITRUST suggests that threat information should be shared regardless of size, intelligence appetite, or security maturity of the organization.
According to HITRUST CEO Daniel Nutkis, “Innovating and ensuring IOC sharing is providing the most value to the broadest group of constituents to help the healthcare industry reduce overall cyber risk.”