HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HHS Offers Funding to Improve Healthcare Threat Intelligence Sharing

Cybercriminals are conducting increasingly sophisticated attacks on healthcare organizations and the number of threats each organization has to deal with has increased significantly in recent years. Criminal attacks on healthcare organizations have increased by 125% in the past five years and cyber-attacks are now the biggest cause of healthcare data breaches. Healthcare organizations now face an uphill battle to keep health data private.

While large healthcare organizations can obtain timely threat intelligence, smaller organizations often lack the necessary resources to commit to cybersecurity defenses, let alone employ the staff to keep abreast of the latest threats.

Many healthcare organizations simply do not have access to up to date intelligence on the latest cybersecurity threats. It is therefore difficult for them to make informed decisions on the best steps to take to prepare for cyberattacks.

The Department of Health and Human Services is well aware of the problems some healthcare organizations experience when it comes to obtaining threat intelligence, and how critical it is to have better visibility into the latest threats. Armed with the knowledge of the latest threats to data security, smaller healthcare organizations can put limited funds to the best possible use.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

As Karen DeSalvo – National Coordinator for Health Information Technology of the Office of the National Coordinator for Health Information Technology (ONC) – explained in a recent press release, “Establishing robust threat information sharing infrastructure and capability within the Healthcare and Public Health Sector is crucial to the privacy and security of health information, which is foundational to the digital health system.”

To improve information sharing, the ONC and Assistant Secretary for Preparedness and Response (ASPR) have committed to providing funds to improve healthcare threat intelligence sharing. Two grants totaling $250,000 have now been made available for an Information Sharing and Analysis Organization (ISAO) for the Healthcare and Public Health sector, with a commitment to provide up to $250,000 per year for the next five years.

According to DeSalvo, the aim is to develop a coordinated resource that will “focus on sharing the most up-to-date threat information across the health and public health sectors, and will better equip health systems to identify potential threats and further protect electronic health information.”

The ONC is looking for an existing sector-specific ISAO or Information Sharing and Analysis Center (ISAC) to use the funding to expand operations and bi-directionally exchange threat intelligence between the HHS and the Healthcare and Public Health sector.

The ONC and ASPR require the ISAO/ISAC to provide timely and up to date information on the latest cyber threats to the entire healthcare and public health sector and to expand outreach and education activities on cybersecurity. The aim is to make sure that timely threat intelligence is provided to all healthcare organizations – regardless of size – and to equip stakeholders to take action and respond to the latest threats.

Organizations can find out more about the available grants at www.grants.gov

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.