Karen B. DeSalvo, National Coordinator for Health Information Technology of the Office of the National Coordinator for Health Information Technology, has announced that two new funding opportunities now exist for a healthcare Information Sharing and Analysis Organization (ISAO) for the Healthcare and Public Health sector.
Cyberattacks on the healthcare industry have increased significantly in recent months as criminals attempt to gain access to protected health information and extort money out of healthcare companies using ransomware. While employee negligence and lost and stolen portable devices used to be the main causes of healthcare data breaches, the Ponemon Institute has reported that criminal cyber-attacks on healthcare organizations are now the biggest cause of PHI breaches. Criminal cyberattacks on healthcare organizations have increased a staggering 125% in the past 5 years.
Role of the Healthcare Information Sharing and Analysis Organization
In order to prevent healthcare cyberattacks it is essential that threat intelligence is shared among private and public health organizations. In order to mount a defense against cyber-attacks, organizations must be made aware of the most serious threats. If timely information is issued on the latest threats, healthcare organizations can take steps to improve their defenses.
In order to improve threat intelligence sharing, the Assistant Secretary for Preparedness and Response (ASPR) and the U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) have released two new funding opportunities. The aim of the funding is to increase the capacity of a healthcare Information Sharing and Analysis Organization.
The healthcare Information Sharing and Analysis Organization will be responsible for issuing warnings about new potential cyber threats and will develop new initiatives to improve general awareness of cyber security issues. The information shared by the ISAO will enable the healthcare and the public health sector to take action and rapidly respond to the latest security threats.
Large healthcare organizations employ skilled cyber security staff and have access to the latest security technology, but the same is not necessary the case for smaller healthcare organizations. One of the main roles of the ISAO will be to ensure that threat intelligence is shared throughout the healthcare and public health sector. Organizations large and small should receive threat intelligence to enable action to be taken to deal with the latest security threats
When the HHS becomes aware of new threats, information will be shared with the ISAO which will disseminate that information. This streamlined and efficient response will help to ensure that organizations are provided with threat intelligence in a timely fashion.
“Establishing robust threat information sharing infrastructure and capability within the Healthcare and Public Health Sector is crucial to the privacy and security of health information, which is foundational to the digital health system.” Said DeSalvo.
$250,000 will be made available in the first year for the healthcare Information Sharing and Analysis Organization, and potentially that sum will also be made available every year for the next five years.