While more healthcare organizations are getting involved in information threat sharing, the platforms need to be standardized to better equip recipients to use such knowledge.
“Some organizations are receiving threat information, but the value-add is not there,” Jeffrey Vinson, chief information security officer at Harris Health System, says in an interview at HealthcareInfoSecurity.com.
"The platforms are there, [but] they are not mature, and they're not standardized so that [healthcare organizations] can get true actionable intelligence from the information that is coming to them," he says.
Harris Health System was awarded a grant last fall from the U.S. Department of Health and Human Services to study the healthcare cybersecurity landscape. The organization reported in March on its survey results about gaps in cyber information sharing. In its second phase, it’s now polling organizations about capacity planning, according to Vinson.
He says he has found that most organizations are moving toward cyber threat information sharing, but in addition to the lack of standardization, speed--or lack of it--also is a problem. In addition, the industry has resource challenges when it comes to digesting the information and taking action from it, he says.
As ransomware has become one of the biggest threats, HHS has stated that ransomware needs to be reported as a breach. However, Vinson says there’s not not a lot of guidance on what organizations need to do so they will not be subjected to such attacks.
The Office of the National Coordinator for Health IT has launched a search for one organization that will take a lead role in cyber threat information sharing, and Vinson says Harris is throwing its hat in the ring for that work, as well.