A Weekend in Incident Response #30: New Cybersecurity Center Promises to Help U.S. Healthcare Sector Improve Their Cyber Resilience

In light of the increased frequency of cyber attacks against health care institutions in the United States and around the globe, the recent announcement from U.S. Department of Health and Human Service (HHS) regarding the launch of a dedicated cybers ecurity center gives hope to security practitioners in this sector that they will soon be able to improve their cyber resilience against the escalating cyber threats.

The Health Cybersecurity and Communications Integration Center (HCCIC), scheduled to reach initial operating capability before the end of June, is modeled on the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center. Christopher Wlaschin, the CISO at the U.S. HHS, identified the key goals of the HCCIC as trying to “reduce the noise about cyber threats in the health care industry” and to “improve the ability of health care institutions to protect against cyber attacks.”

Mobile Health Applications and Growing Ransomware Attacks Raise Concerns

The imputes for this center are twofold: first, the exploding rate of ransomware attacks on health care organizations in recent years, and second, the increased exposure to cyber attacks brought about by the growing adoption of mobile health applications. Together these developments have pushed the government to take more decisive action to help the health care sector build more effective cyber resilience systems.

Information Sharing and Best Practices

Information collaboration and analysis of cyber threat intelligence will be at the forefront of the activities undertaken by the new center. Sharing cyber threat intelligence within an industry sector and between private companies and authorities is a significant part of overall efforts for improving the preparedness of an organization to promptly and effectively respond to cyber incidents. However, this sharing of intelligence can often also create a torrent of noise, rendering it difficult for security practitioners to discern credible information on what actually constitutes a potential threat to the cyber security of their organization. Antithetically, unfiltered intelligence sharing can actually prevent a faster and more effective response.

For this reason, organizations require a programmatic solution to help them share only the essential information related to cyber threats, past and current, and the cyber security events they have already faced. The prescribed solution is an automation and orchestration platform that has the built-in capability to integrate with threat intelligence sharing platforms such as STIXTAXII or Splunk, to name a few. This customizable platform can enable organizations within the health care sector to: share operational intelligence related to cyber security events in a secure and efficient manner; eliminate the risk of sharing any confidential company or patient data; and, cut out the noise from irrelevant information that so plagues intelligence sharing today.

In this new reality, where new and ever more sophisticated threats loom large on the horizon, health care organizations that choose to implement a cyber incident response platform with these built-in threat intelligence capabilities will do so knowing they have taken a big step forward to ensuring the protection of valuable business information, and confidential and sensitive patient data.