On April 6, 2017, the House Subcommittee on Oversight and Investigations met with healthcare industry stakeholders to discuss how to strengthen cybersecurity via public-private partnerships. As much as government at any level lags behind available technologies, let’s hope that this is a sign that medtech will become the exception to the rule. After last October’s DDoS attack, where large-scale insecurities were exposed within household IoT devices like digital cameras and DVR players, the implications for medical wearables have become increasingly dire. And the expanding connectivity and functionality of these devices only further complicate the problem.
As of right now, the million-dollar question isn’t “How do we completely prevent these attacks?” Rather, it’s “How do we immediately stifle a potentially large-scale attack once it begins to unfold?”
First and foremost, awareness of ISACs is key.
At last week’s House Subcommittee hearing, Denise Anderson, President of the National Health Information Sharing and Analysis Center (NH-ISAC), pushed Congress to help educate and promote cooperation between the public and private sectors, as well as within the private sector itself, when it comes to enhancing cybersecurity prevention and response strategies. Granted, Anderson may be a bit biased, but she believes that ISACs—Information Sharing and Analysis Centers—provide the best solution.
Generally, ISACs serve as a centralized network of infrastructure owners and operators within a particular industry sector who share up-to-the-second intelligence regarding cybersecurity risks, threats, and incidents. By establishing a trusted community, ISACs are able to act as a disinterested intermediary between competitors and between a particular sector and its corresponding regulatory agency.
Anderson stressed before Congress that her number one fight at the moment is to get the word out.
“One of the greatest challenges for the NH-ISAC and all ISACs is the lack of awareness amongst the critical infrastructure owners and operators, particularly the smaller owners and operators, that the ISACs exist and are a valuable tool,” Anderson said. “Numerous incidents have shown that effective information sharing amongst robust trusted networks of members works in combating cyber threats.”
October’s DDoS attack showed us all that healthcare’s usual fretting over sensitive personal info within EHRs addresses merely a single vulnerability within an unreliable digital infrastructure. If giants like Amazon and Netflix can be temporarily shut down, imagine the consequences of entire healthcare networks going down.
So how does NH-ISAC work?
Amongst its network of healthcare infrastructure owners and operators, NH-ISAC provides actionable intelligence on:
- “indicators of compromise, tactics, and procedures of threat actors”
- “advice and best practices”
- “mitigation strategies”
Sharing of NH-ISAC’s intel can occur “machine to machine or human to human.” It also fosters networking and relationship building within its sector through educational events.
But perhaps most important, NH-ISAC contributes to macro cybersecurity efforts by remaining “constantly engaged with external partners such as government, law enforcement, the vendor community, other ISACs and HPH associations such as HIMSS, MDISS, EHNAC and CHIME to facilitate situational awareness and inform risk-based decision making to protect the HPH and other critical infrastructure sectors” (NH-ISAC).
National Council of ISACs (NCI)
NH-ISAC furthers the macro cybersecurity fight as a member of the NCI, a cross-sector partnership including 21 organizations, each representing its own sector. Membership includes ISACs for:
Within such a vast network, sharing intel on infrastructure liabilities throughout each sector can collectively help prevent the same mistakes from being repeated throughout our economy. It also helps to drastically reduce the scale of another cyber attack.
It’s hard to predict what will happen in Washington next, but, in terms of cybersecurity for every sector, federally backed financial incentives or even mandates may be on the horizon.
How does your healthcare network fit into the mix?
At tekMountain, the innovative arm of Fortune 500 company CastleBranch, re-envisioning compliance solutions is our daily beat. Whether or not membership in a healthcare ISAC becomes mandatory, we know how rigorous it can be to navigate and maintain good standing within regulations and tax codes, not to mention industry standards. Contact us today to see how your healthcare network can reach its utmost innovative potential.