Share this article on:
The Healthcare and Public Health Sector Coordinating Council (HSCC) has published best practices for cyber threat information sharing. The new guidance document is intended to help healthcare organizations develop, implement, and maintain a successful cyber threat information sharing program to reduce cyber risk.
The new document builds on previously published guidance – the Health Industry Cybersecurity Matrix of Information Sharing Organizations (HIC-MISO) – in which HSCC identified key Information Sharing and Analysis Organizations (ISAOs) for the healthcare sector. The latest guidance document helps organizations determine what information to share, how to share the information, and how to protect any sensitive information they receive, as well as providing best practices for obtaining internal and legal approvals for information sharing processes.
One of the main benefits of participating in these programs is to learn about possible attacks and the mitigations to implement to avoid becoming a victim. If an attack occurs at one healthcare organization, it is probable that similar attacks will be performed on others. Through threat information sharing, healthcare organizations can learn from others about attacks and mitigations so they can prepare and improve their own security posture. This is especially important for healthcare organizations with limited resources to devote to cybersecurity as it allows them to crowd source cybersecurity expertise.
The threat landscape evolves at a rapid pace and new attack methods are constantly being developed by cybercriminals. Cyber threat intelligence sharing programs help participants keep abreast of new attack methods and take steps to reduce risk through rapid sharing of actionable intelligence. Cross-organizational collaboration also helps to improve patient safety through the development of trusted networks that help manage potential threats.
The guidance document helps organizations get started by outlining the steps that need to be taken to prepare before joining a threat information sharing program. Preparation requires information sharing goals and objectives to be established, as well as governance models for regulatory compliance. Information sharing assets must be categorized, a governance body must be created, and sanitization rules must be established. HSCC recommends involving the legal department early in the information sharing process and making sure the value and scope of information sharing is understood.
The HSCC cyber threat information sharing guidance details the types of information that should be shared, such as strategic, tactical, operational, and technical intelligence, as well as open source data and incident response information. “While some may believe that threat intelligence only includes information about malware, hacking techniques, and threat actors – threat intelligence data truly comes in a variety of forms and should encompass all cyber risk that could impact the health industry, such as third-party risks, insider threats, cybersecurity risks, regulatory risks, and geopolitical risks,” explained HSCC.
The guidance also details best practices for sharing information, such as using the traffic light protocol and ensuring legal protections are in place to protect against any liability, and also provides advice on who to share threat data with. The document concludes with case studies showing how information can be shared to benefit the information sharing community and protect against attacks.
The HSCC best practices for cyber threat information sharing can be downloaded on this link.