8/22/2014
03:50 PM

Healthcare Industry, Feds Talk Information Sharing

Representatives from the healthcare industry as well as government discuss importance of threat intelligence-sharing in light of the Community Health Systems breach.

When Community Health Systems admitted in a filing with the Securities and Exchange Commission (SEC) that it had been breached in April and June, it shined a spotlight on cybersecurity in the healthcare industry.

In the days since, reports have surfaced linking the incident to the Heartbleed vulnerability. As the details have trickled out, inside the industry the focus has been on getting information about the incident that could be used to prevent any similar attacks.

In its Monthly Cyber Threat Briefing, the Health Information Trust Alliance (HITRUST) and representatives from the FBI, Department of Homeland Security (DHS), Department of Health and Human Services (HHS), and healthcare company WellPoint discussed the security challenges facing the industry and the importance of information sharing.

Many of the organizations that reached out in the aftermath of the revelation of the Community Health Systems breach wanted to know not only what happened, but also how they could communicate internally with their organization about the attack and mitigate any risks, Dan Mutkis, CEO of HITRUST, explains in the briefing.

"Given the information we had [at the time], it was very difficult for us to provide that," he says.

FBI Supervisory Special Agent Michael Rosanova notes that the FBI sometimes has a difficult time sharing classified information about cyber attacks, adding that interacting with the private sector this way is relatively new to the FBI.

"Having spent nearly 20 years working both criminal cases and national security … [information sharing] was a one-way street, and now we're realizing as an organization that it's a partnership," he says in the briefing. "It's 50/50. And we're now understanding that we have to build that bridge and make that a strong … partnership, and we're trying to determine how best to do that, while also maintaining the integrity of the intelligence that we have.

"If we have information that needs to get to you, we'll do the best we can to get it to you as expeditiously as possible," says Rosanova.

Jason Lay, senior threat analyst and manager for cyber threat information at HHS, echoed Rosanova's comments, stating that HHS was constantly looking for ways to refine the procedures for interacting with the private sector.

That may very well be good news for the healthcare industry, which increasingly has been the target of attacks. According to Websense, there has been a significant global spike in malicious activity attempted against hospitals beginning in October 2013. August 2014 has seen a 600 percent increase in such activity, compared to the average amount prior to October, according to the firm.

"Healthcare professionals also have an increased tendency to try and get around IT security policy in order to better serve their patients," Charles Renert, vice president at Websense Security Labs, says in an email. "The stakes couldn’t be higher. When a doctor or nurse needs access to computing resources or data because a patient’s health is at risk, IT policy takes a back seat in the heat of the moment and can lead to increased risk to cyber threats or insecure access and storage of sensitive information."

The industry has a large footprint for exposure compared to other industries, due to the amount of information sharing that has to go on among physicians, clinics, pharmacies, and other parties, notes WellPoint CISO Roy Mellinger in the HITRUST briefing.

"It really is an interesting time, I think, to be a healthcare CISO or the person responsible for security in healthcare," says Mellinger. "It doesn’t matter if you’re an insurer or a payer, if you're a hospital or a provider, or a device manufacturer. We're all in this together."

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ...
