Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

8/22/2014
03:50 PM
50%
50%

Healthcare Industry, Feds Talk Information Sharing

Representatives from the healthcare industry as well as government discuss importance of threat intelligence-sharing in light of the Community Health Systems breach.

When Community Health Systems admitted it had been breached in April and June in a filing with the Securities Exchange Commission (SEC), it shined a spotlight on cybersecurity in the healthcare industry.

In the days since, reports have surfaced linking the incident to the Heartbleed vulnerability. As the details have trickled out, inside the industry the focus has been on getting information about the incident that could be used to prevent any similar attacks.

In its Monthly Cyber Threat Briefing, the Health Information Trust Alliance (HITRUST) and representatives from the FBI, Department of Homeland Security (DHS), Department of Health and Human Services (HHS), and healthcare company WellPoint to discuss the security challenges that are facing the industry and the importance of information sharing.

Many of the organizations that reached out in the aftermath of the revelation of the Community Health Systems breach wanted to know not only what happened, but also how they could communicate internally with their organization about the attack and mitigate any risks, Dan Mutkis, CEO of HITRUST explains in the briefing.

"Given the information we had [at the time], it was very difficult for us to provide that," he says.

FBI Supervisory Special Agent Michael Rosanova notes that the FBI sometimes has a difficult time sharing classified information about cyber attacks, adding that interacting with the private sector this way is relatively new to the FBI.

"Having spent nearly 20 years working both criminal cases and national security … [information sharing] was a one-way street, and now we're realizing as an organization that it's a partnership," he says in the briefing. "It's 50/50. And we're now understanding that we have to build that bridge and make that a strong … partnership, and we're trying to determine how best to do that, while also maintaining the integrity of the intelligence that we have.

"If we have information that needs to get to you, we'll do the best we can to get it to you as expeditiously as possible," says Rosanova.

Jason Lay, senior threat analyst and manager for cyber threat information at HHS, echoed Rosanova's comments, stating that HHS was constantly looking for ways to refine the procedures for interacting with the private sector.

That may very well be good news for the healthcare industry, which increasingly has been the target of attacks. According to Websense, there has been a significant global spike in malicious activity attempted against hospitals beginning in October 2013. August 2014 has seen a 600 percent increase in such activity, compared to the average amount prior to October, according to the firm.

"Healthcare professionals also have an increased tendency to try and get around IT security policy in order to better serve their patients," Charles Renert, vice president at Websense Security Labs, says in an email. "The stakes couldn’t be higher. When a doctor or nurse needs access to computing resources or data because a patient’s health is at risk, IT policy takes a back seat in the heat of the moment and can lead to increased risk to cyber threats or insecure access and storage of sensitive information."

The industry has a large footprint for exposure compared to other industries, due to the amount of information sharing that has to go on between everyone from physicians, clinics, pharmacies, and other parties, notes WellPoint CISO Roy Mellinger in the HITRUST briefing.

"It really is an interesting time, I think, to be a healthcare CISO or the person responsible for security in healthcare," says Mellinger. "It doesn’t matter if you’re an insurer or a payer, if you're a hospital or a provider, or a device manufacturer. We're all in this together."

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
10 Notable Security Acquisitions of 2019 (So Far)
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12865
PUBLISHED: 2019-06-17
In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.
CVE-2017-10720
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed o...
CVE-2017-10721
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car ga...
CVE-2017-10722
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is install...
CVE-2017-10723
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows it...