The Healthcare and Public Health Sector Coordinating Council (HSCC) has issued guidelines for sharing cyber threat data. The new guidance document is intended to help healthcare companies develop, implement, and maintain a successful cyber threat data sharing program to minimize risks.
The new document is based on earlier guidance, the Health Industry Cybersecurity Matrix of Information Sharing Organizations (HIC-MISO), which presented the key Information Sharing and Analysis Organizations (ISAOs) for the healthcare industry as determined by the HSCC. The new guidance document helps organizations understand which information to share, how the information can be shared, and how to secure sensitive data. It also provides recommendations for obtaining internal and legal authorizations for data sharing processes.
One of the primary benefits of taking part in these programs is learning about probable attacks and the mitigations to employ to avoid becoming a victim. When an attack happens at one healthcare company, it is likely that the same attack will be attempted on others. By sharing threat information, healthcare companies can learn about attacks from others and improve their security posture. This is particularly important for healthcare companies with minimal resources for cybersecurity, as it lets them obtain cybersecurity expertise by crowdsourcing.
The threat landscape changes quickly, and cybercriminals are continually developing new methods of attack. Cyber threat intelligence sharing programs allow participants to stay on top of new attack strategies and act to reduce risk through the speedy sharing of actionable intelligence. Cross-organizational collaboration also helps to improve patient safety through the creation of trusted networks that help handle possible threats.
The guidance document helps organizations outline the actions they need to take before participating in a threat information sharing program. Preparation calls for establishing information sharing goals and objectives, along with governance models to regulate compliance. Information sharing assets need to be classified, a governance body must be created, and sanitization rules must be established. HSCC advises involving the legal department early in the information sharing process and ensuring that the value and extent of information sharing are understood.
The HSCC cyber threat information sharing document specifies the types of data that must be shared, for instance strategic, operational, tactical, and technical intelligence, open-source information, and data on incident response. Threat intelligence includes not just data about malware, hacking tactics, and threat actors, but also the various other forms of threat intelligence data, which encompass all cyber risks that can affect the medical industry, for instance insider threats, third-party risks, regulatory risks, cybersecurity risks, and geopolitical risks.
The guidance additionally gives recommendations for sharing information, including using the Traffic Light Protocol, setting up legal protections against liability, and determining with whom the threat data can be shared. The document ends with case studies demonstrating the benefits of information sharing for the community and for securing against cyber attacks.
The new guidance about cyber threat information sharing is available for download here.