Healthcare Industry Now Sharing Attack Intelligence

New HITRUST Cybersecurity Incident Response and Coordination Center lets healthcare organizations, U.S. Department of Health and Human Services swap information, forensics from firsthand attack experiences, other threats
HITRUST's Nutkis says the new healthcare intel-sharing portal is basically a centralized vehicle for information dissemination, and includes information from outside sources, such as US-CERT. He says he doesn't expect participants to report each and every incident they experience, however.

"We don't anticipate all incidents will be reported to us. Some internal events don't support huge collaboration," he says. The center will not only alert participating healthcare organizations of threats and attacks, but also help with coordinating response and best practices.

The center will also provide threat information to the healthcare industry overall.

What makes healthcare unique when it comes to threats is that there are so many interactions among various healthcare organizations, plus there are so many points of entry for a breach. "Most individuals only bank with one or two banking entities ... but in healthcare, you go to primary providers, dentists, specialists, eye doctors, and pharmacies: It's a one-to-many relationship," WellPoint's Mellinger says. "And each of these needs to exchange information with additional parties, doctors with hospitals and X-rays, MRIs, and payers."

That data flow is unique, and with it does come some risk of that data somewhere along the way being compromised, experts say.

Meantime, WellPoint is using the intel it gathers from other healthcare providers to update its sensors and other defenses to deflect the latest attacks, according to Mellinger. "We can share IP addresses where the origination or source of an attack may come from and share our forensic results" in a redacted and sanitized form, he says.

And healthcare organizations can also collaborate one-on-one if they need to drill down for more specifics about an attack, for example, he says. "If I have a colleague with a similar problem and we cooperate [offline], it can benefit both of us," Mellinger says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading