It's time for a new level of collaboration within the healthcare industry to promote and improve cyberthreat preparedness and response. There is ample evidence that one of the best ways to recognize and prepare for a cyberbreach or other event is to share threat intelligence. Protecting personal health information from cyberthreats is no exception.
The Health Information Trust Alliance, or HITrust, has been an industry pioneer in cyberthreat information sharing among trusted peers. Through its Cyber Threat XChange (CTX), which is offered to all healthcare organizations free of charge, it was the first healthcare-based information-sharing and analysis organization.
HITrust's analysis of activity through CTX has revealed substantial gaps in how healthcare organizations identify and share crucial cyberthreat information, which security professionals refer to as indicators of compromise, or IOCs. It's important to note that only a small percentage of organizations—just 5%—contributed these important IOCs to the CTX, while 85% of organizations simply identified or reviewed them during the same sample period.
This shows that the vast majority of organizations are either unwilling or unable to contribute or share the threat indicators they have identified at their organizations for the greater good of the industry, yet they want those shared by others.
The results of this report should send a clear message to everyone in the healthcare industry to get more engaged in programs that include cyberthreat intelligence sharing, and help ensure security is a top priority for all stakeholders. We know it's certainly a high priority for the patients they serve.
The mantra for physical security is, “If you see something, say something.” The same posture and diligence should be adopted in the healthcare industry regarding cybersecurity.
Passive or weak collaboration, or a complete lack of it, will simply not help us protect the sacred trust that patients have given to their care providers and others with whom they communicate their most personal information. Every week, we hear about “bad actors” seeking out personal health information. We must find a way to work collectively and to aggressively outthink and outmaneuver those bad actors.
Many organizations cite resource limitations, legal concerns, corporate policies or similar constraints to explain why they don't share their IOCs with the industry, but these concerns and risks have been addressed in collaboration with leading industry organizations that understand the need for and importance of sharing.
Simply put, this is a time for radical collaboration, where everyone is proactively watching out for everyone else, not just waiting for others to take the initiative. We need both good leaders and good collaborators.
We, individually and collectively, know the value of information-sharing, but without full participation, the important benefits cannot be realized. That's why HITrust is issuing a call to action for our industry to help advance cyberthreat intelligence sharing.
How do we do this?