Vulnerabilities / Threats // Advanced Threats
8/22/2014
03:50 PM
Connect Directly
RSS
E-Mail
50%
50%

Healthcare Industry, Feds Talk Information Sharing

Representatives from the healthcare industry as well as government discuss importance of threat intelligence-sharing in light of the Community Health Systems breach.

When Community Health Systems admitted it had been breached in April and June in a filing with the Securities Exchange Commission (SEC), it shined a spotlight on cybersecurity in the healthcare industry.

In the days since, reports have surfaced linking the incident to the Heartbleed vulnerability. As the details have trickled out, inside the industry the focus has been on getting information about the incident that could be used to prevent any similar attacks.

In its Monthly Cyber Threat Briefing, the Health Information Trust Alliance (HITRUST) and representatives from the FBI, Department of Homeland Security (DHS), Department of Health and Human Services (HHS), and healthcare company WellPoint to discuss the security challenges that are facing the industry and the importance of information sharing.

Many of the organizations that reached out in the aftermath of the revelation of the Community Health Systems breach wanted to know not only what happened, but also how they could communicate internally with their organization about the attack and mitigate any risks, Dan Mutkis, CEO of HITRUST explains in the briefing.

"Given the information we had [at the time], it was very difficult for us to provide that," he says.

FBI Supervisory Special Agent Michael Rosanova notes that the FBI sometimes has a difficult time sharing classified information about cyber attacks, adding that interacting with the private sector this way is relatively new to the FBI.

"Having spent nearly 20 years working both criminal cases and national security … [information sharing] was a one-way street, and now we're realizing as an organization that it's a partnership," he says in the briefing. "It's 50/50. And we're now understanding that we have to build that bridge and make that a strong … partnership, and we're trying to determine how best to do that, while also maintaining the integrity of the intelligence that we have.

"If we have information that needs to get to you, we'll do the best we can to get it to you as expeditiously as possible," says Rosanova.

Jason Lay, senior threat analyst and manager for cyber threat information at HHS, echoed Rosanova's comments, stating that HHS was constantly looking for ways to refine the procedures for interacting with the private sector.

That may very well be good news for the healthcare industry, which increasingly has been the target of attacks. According to Websense, there has been a significant global spike in malicious activity attempted against hospitals beginning in October 2013. August 2014 has seen a 600 percent increase in such activity, compared to the average amount prior to October, according to the firm.

"Healthcare professionals also have an increased tendency to try and get around IT security policy in order to better serve their patients," Charles Renert, vice president at Websense Security Labs, says in an email. "The stakes couldn’t be higher. When a doctor or nurse needs access to computing resources or data because a patient’s health is at risk, IT policy takes a back seat in the heat of the moment and can lead to increased risk to cyber threats or insecure access and storage of sensitive information."

The industry has a large footprint for exposure compared to other industries, due to the amount of information sharing that has to go on between everyone from physicians, clinics, pharmacies, and other parties, notes WellPoint CISO Roy Mellinger in the HITRUST briefing.

"It really is an interesting time, I think, to be a healthcare CISO or the person responsible for security in healthcare," says Mellinger. "It doesn’t matter if you’re an insurer or a payer, if you're a hospital or a provider, or a device manufacturer. We're all in this together."

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2336
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.