HITRUST is the 1st healthcare cyber threat-sharing information agency to connect with the federal government’s cyber threat sharing program. HITRUST starts sharing cyber risks with the Homeland Security.
The federal program, initiated previously this year, is the Automated Indicator Sharing Program of the Department of Homeland Security, created to gather and disseminate cyber threat information.
The DHS program enables electronic exchange of cyber risk indicators across private sector organizations, and HITRUST is the 1st healthcare agency to link with the feds to get and submit threat information, claims CEO Daniel Nutkis.
“It was too much work; too much integration and setting up policies,” he recalls. But now, HITRUST can send out or get data within minutes, and so can its members. So far, the volume is low but will ramp up over period. Now, HITRUST starts sharing cyber risks with Homeland Security.
HITRUST provides a basic free threat-sharing platform and also has a proprietary subscription-based platform for agencies that wish to share data across defined partners—deciding who has approach and who doesn’t. That’s why HITRUST starts sharing cyber risks with Homeland Security.
Regardless of the level of information sharing in which healthcare agencies decide to participate, the distribution of data about threats still presents few hurdles, Nutkis notes. For instance, it can be difficult to understand what are great threat indicators and what aren’t.
As HITRUST starts sharing cyber risks with Homeland Security and has ramped up its threat-sharing activities among members this year, it realized how fast new cyber threats were hitting healthcare entities. For example, the organization declared in the month of June that 90% of healthcare cyber threats discovered during the past month were initially unknown threats in the industry.
Members gathering threat information frequently are seeing new kinds of sophistication of the threats, and new exploits or enhancements of known threats, specifically ransomware, in accordance to Nutkis.
HITRUST members sharing threat information among themselves can see some of the behaviors that are causing attacks, Nutkis points out. End users are yet clicking on links they should not and opening email attachments without checking the source.
As members during this year collect threat information they’ve improved performance over time by reporting threats quicker and submitting threat indications to HITRURST within minutes of detection, compared with various weeks for initial submissions.
No comments:
Post a Comment