Charles Sternberg, Associate Editor08.25.23
The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) has released updated best practices for how healthcare organizations can set up and manage cybersecurity threat information sharing programs for their enterprise.
The Health Industry Cybersecurity Information Sharing Best Practices (HIC-ISBP) updates the original March 2020 version, co-published with the Health Information Sharing and Analysis Center (Health-ISAC). This update includes:
The CWG last week published an updated companion resource – the Matrix of Information Sharing Organizations, which together with ISBP supports one of the information sharing priorities in the February 2023 White House National Cybersecurity Strategy, which in Initiative 1.2.4 calls for “opportunities for new and improved information sharing and collaboration platforms, processes and mechanisms.”
Building on the Matrix of Information Sharing Organizations, which listed numerous information sharing organizations that health institutions may leverage for threat intelligence sharing, the HIC-ISBP advises healthcare enterprises about how to manage the information they have gleaned from their participation in collaboratives such as the Health-ISAC, government resources and other industry Information Sharing Analysis Organizations (ISAOs).
“Information sharing programs, when done properly, produce significant benefit at low risk for the organizations that participate,” said Errol Weiss, Chief Security Officer of the Health H-ISAC and co-chair of the HSCC task group that created the HIC-ISBP. “This document provides Healthcare and Public Health Sector (HPH) organizations with a set of guidelines and best practices for efficient and effective information sharing.”
Weiss added that the HIC-ISBP “addresses real and perceived barriers to information sharing that are often found from laws, regulations, corporate policies or management support, and will help organizations work through these obstacles.”
The HSCC encourages health information sharing organizations to use this document as the basis of their own Information Sharing Best Practices Guidelines.
The Health Industry Cybersecurity Information Sharing Best Practices (HIC-ISBP) updates the original March 2020 version, co-published with the Health Information Sharing and Analysis Center (Health-ISAC). This update includes:
- A new information sharing category -- defensive measures (officially called "Threat Defender Content and Resources Sharing")
- A section on information sharing protections with respect to the European Union’s General Data Protection Regulation (GDPR)
- Refreshed case study examples
- Minor updates to bring the document up to date
The CWG last week published an updated companion resource – the Matrix of Information Sharing Organizations, which together with ISBP supports one of the information sharing priorities in the February 2023 White House National Cybersecurity Strategy, which in Initiative 1.2.4 calls for “opportunities for new and improved information sharing and collaboration platforms, processes and mechanisms.”
Building on the Matrix of Information Sharing Organizations, which listed numerous information sharing organizations that health institutions may leverage for threat intelligence sharing, the HIC-ISBP advises healthcare enterprises about how to manage the information they have gleaned from their participation in collaboratives such as the Health-ISAC, government resources and other industry Information Sharing Analysis Organizations (ISAOs).
“Information sharing programs, when done properly, produce significant benefit at low risk for the organizations that participate,” said Errol Weiss, Chief Security Officer of the Health H-ISAC and co-chair of the HSCC task group that created the HIC-ISBP. “This document provides Healthcare and Public Health Sector (HPH) organizations with a set of guidelines and best practices for efficient and effective information sharing.”
Weiss added that the HIC-ISBP “addresses real and perceived barriers to information sharing that are often found from laws, regulations, corporate policies or management support, and will help organizations work through these obstacles.”
The HSCC encourages health information sharing organizations to use this document as the basis of their own Information Sharing Best Practices Guidelines.