"We don't anticipate all incidents will be reported to us. Some internal events don't support huge collaboration," he says. The center will not only alert participating healthcare organizations of threats and attacks, but also help with coordinating response and best practices.
The center will also provide threat information to the healthcare industry overall.
What makes healthcare unique when it comes to threats is that there are so many interactions among various healthcare organizations, plus there are so many points of entry for a breach. "Most individuals only bank with one or two banking entities ... but in healthcare, you go to primary providers, dentists, specialists, eye doctors, and pharmacies: It's a one-to-many relationship," WellPoint's Mellinger says. "And each of these needs to exchange information with additional parties, doctors with hospitals and X-rays, MRIs, and payers."
That data flow is unique, and with it does come some risk of that data somewhere along the way being compromised, experts say.
Meantime, WellPoint is using the intel it gathers from other healthcare providers to update its sensors and other defenses to deflect the latest attacks, according to Mellinger. "We can share IP addresses where the origination or source of an attack may come from and share our forensic results" in a redacted and sanitized form, he says.
And healthcare organizations can also collaborate one-on-one if they need to drill down for more specifics about an attack, for example, he says. "If I have a colleague with a similar problem and we cooperate [offline], it can benefit both of us," Mellinger says.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.