- An online resource for improving cybersecurity in the health sector was launched by America's Healthcare and Public Health Sector Coordinating Council (HSCC).
- The resource aims to compile sources that offer cybersecurity information.
With many health organizations realizing the importance of cybersecurity, the newly launched resource strives to provide a list of information sharing organizations.
- The resource, called Health Industry Cybersecurity Matrix of Information Sharing Organizations (HIC-MISO), currently provides a list of more than 20 resources.
- Of these, nine resources are specific to the healthcare sector.
- Each of the listed resources is accompanied by its mission and other details.
“With cyber-attacks against health organizations increasing in number and severity, one of the most important things an enterprise can do is build awareness and preparedness through community engagement. The HIC-MISO points them in the right direction,” said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center (H-ISAC) and co-chair of the HSCC Information Sharing Task Group that created the HIC-MISO toolkit
How will this help?
This resource is aimed at helping organizations that don’t know how to begin with cybersecurity information sharing.
- Some of the information-sharing organizations in the list are said to be collaborative, that is accepting incident information and then having experts review and provide suggestions.
- Few others are said only to broadcast information about cybersecurity threats.
- In the case of a new threat, detailed analysis and expert opinions about it can help healthcare institutions take necessary measures.
Implementing enterprise information sharing
A follow-up project is believed to offer details on best practices for enterprise information sharing with respect to cybersecurity. The HIC-MISO recommends the following until this project is published.
- Conduct research about the sources of information.
- Create an informational flow that defines who receives the information, analyzes it, and what actions must be taken.
- Start with a simple process and refine it with time.