Washington, D.C., September 9, 2019 – The Healthcare and Public Health Sector Coordinating Council (HSCC) today released its 4th cybersecurity resource for the health sector in 2019: the Health Industry Cybersecurity Matrix of Information Sharing Organizations (“HIC-MISO”). This resource serves as an inventory of national information sharing organizations and key services related to cybersecurity for the health sector. The HIC-MISO directly addresses “Imperative 6” of a 2017 report by the Health Care Industry Cybersecurity Task Force, which called on industry and the U.S. Department of Health and Human Services (HHS) to “improve information sharing of industry threats, risks and mitigations.”
“Many health organizations are beginning to understand the importance of cybersecurity information sharing but don’t know where to start,” said Errol Weiss, Chief Security Officer of the Health Information Sharing and Analysis Center (H-ISAC) and co-chair of the HSCC task group that created the HIC-MISO toolkit. “With cyber-attacks against health organizations increasing in number and severity,” Weiss added, “one of the most important things an enterprise can do is build awareness and preparedness through community engagement. The HIC-MISO points them in the right direction.”
The HIC-MISO identifies the most widely known information sharing organizations that are both health sector and cross-sector in scope. The intent is to keep the HIC-MISO simple and manageable, at a national, rather than regional, level.
“The target audience consists of health providers and companies that are not likely to have the resources or expertise to participate in more than one or two of these groups,” emphasized HSCC Information Sharing Task Group co-lead Bill Hagestad, who serves as Medtronic’s Senior Principal Product Security Engineer. “In preparing this resource,” Hagestad noted, “the Task Group recognized the broad range of budgets and capabilities across the sector, and accordingly we will begin work to supplement the HIC-MISO with a guide for how organizations can establish an information sharing management structure appropriate to their enterprise size, resources and risk profile.”
To access and download a copy of HIC-MISO, go to https://healthsectorcouncil.org/hic-miso.
Previous HSCC Joint Cybersecurity Working Group resources published in 2019 include:
- Health Industry Cybersecurity Practices (HICP): https://healthsectorcouncil.org/hhs-and-hscc-release-voluntary-cybersecurity-practices-for-the-health-industry/
- Medical Device and Health I.T. Joint Security Plan: https://healthsectorcouncil.org/the-joint-security-plan/
- Health Industry Cybersecurity Workforce Development Guide: https://healthsectorcouncil.org/workforce-guide/
About the Healthcare and Public Health Sector Coordinating Council (HSCC) Joint Cybersecurity Working Group (JCWG). The HSCC is an industry-driven public private partnership of health companies and providers developing collaborative solutions to mitigate threats to critical healthcare infrastructure. It is one of 16 critical infrastructure sectors organized to partner with the government under Presidential Policy Directive 21 – Critical Infrastructure Security and Resilience. The HSCC Joint Cybersecurity Working Group (JCWG) includes more than 200 medical device and health IT companies, direct patient care entities, plans and payers, labs, blood and pharmaceutical companies, and several government partners. The JCWG industry chair is Terence (Terry) Rice, Vice President, IT Risk Management and Chief Information Security Officer for Merck & Co.
For more information: Greg Garcia, HSCC Cybersecurity Working Group Executive Director: