A recent review of the HITRUST Cyber Threat XChange (CTX), set up in 2012 to speed up detection and response to cyberattacks, highlights how far the industry has to go to effectively share information on cybersecurity.
It found that during August, just 5 percent of organizations contributed indicators of compromise (IOC) to CTX, while 85 percent of organizations consumed them during the same period. Of the issues reported, only half were considered useful in helping other entities to take action, according to an announcement.
As part of the study, HITRUST employed breach detection systems that evaluated suspicious content, communication and behavior in select organizations. These systems found 286 times more IOCs than those organizations had reported using their current cyber discovery methods. And 24 percent of those identified IOCs had not previously been submitted to CTX.
The report emphasizes the need to effectively identify threats and share the necessary information in near-real time to HITRUST CTX to make the IOC useful to others.
Among its recommendations are that the healthcare industry:
- Establish detailed requirements for IOC sharing
- Undertake an IOC-sharing pilot to quantify the benefits and identify any issues
- Evaluate incentives to actively engage organizations in cyberthreat information sharing
HITRUST also will be providing breach detection systems to 50 organizations, with criteria to be available within 45 days. You can find the application page here.
In a previous review of cyberrisk management practices in healthcare, HITRUST found the industry's approach to be reactive, inefficient and labor intensive. Many organizations simply weren't aware of the threats they face.
The College of Healthcare Information Management Executives has been pushing Congress to pass the Cybersecurity Information Sharing Act as a move to improve sharing of threat information. The House passed it, but the Senate is expected to write its own version.
To learn more:
- here's the report (.pdf)
- read the announcement
- apply to receive a breach detection system