Facing a growing number of cyberthreats that carry potentially devastating consequences, healthcare providers have partnered with state hospital associations to ramp up collaborative defense efforts.
Experts say these formalized partnerships are popping up throughout the country recently, including in states like Virginia, Michigan and Massachusetts, where collective efforts led to localized cybersecurity guidelines and improved threat sharing.
“I’m hearing more of the state-based hospital organizations are forming cybersecurity committees and reaching across with local industries and federal officials and sharing information,” Lee Kim, director of privacy and security at HIMSS, told Hospitals and Health Networks. “There are hospital councils and associations leading the charge.”
Industry experts have highlighted information sharing as a critical challenge across several healthcare sectors, prompting significant underreporting of data breaches. Smaller organizations, in particular, don’t have the resources necessary to track and analyze threat data.
Recently, the federal government has stepped in with a threat sharing platform called the Healthcare Cybersecurity Communications Integration Center (HCCIC), which opened in June. Federal officials used the new center to help hospitals respond to the WannaCry attack in May. But some have criticized the HCCIC for duplicating efforts within the Department of Homeland Security (DHS).
Beyond threat sharing, state collaborations have issued cybersecurity guidelines for healthcare providers and convened forums with federal agencies like DHS and the FBI to help providers establish baseline security best practices.
“I think a lot of us have decided we’re not competing on cybersecurity and any time one of us gets breached, it makes all of us look bad,” Dan Bowden, vice president and chief information security officer at Sentara Health told Hospitals and Health Networks.