Cybersecurity And Digital Privacy
Summary
The cyberattack on Change Healthcare that devastated the U.S. health care sector made painfully clear that much more needs to be done to address vulnerabilities that exist throughout the ecosystem. This article offers five actions that can go a long way to improving cybersecurity throughout the sector and make it much more resilient. [Step 4 is to leverage information sharing in Health-ISAC]
1. Establish a baseline of core practices.
2. Identify and protect risky connections.
3. Identify convergences of materiality and high risk and improve resilience to recover.
4. Improve detection of attacks and the sharing of information when they occur.
Organizations are understandably reluctant to reveal the details and extent of a successful cyberattack, but this reluctance jeopardizes the whole ecosystem. Mandatory reporting of significant incidents can help, and that’s on its way: The federal Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires organizations in key sectors, including finance, energy, water, transportation, and health care, to report attacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours, and rules for implementing the law are in development.
However, the ecosystem can’t respond unless the government shares a report as soon as it’s received. In the Change Healthcare incident, the sector was crippled for six days before CISA shared actionable intelligence, and it took 13 days for HHS to make a public statement.
Fortunately, it’s not necessary to rely solely on the government; the ecosystem itself could leverage the Health Information Sharing and Analysis Center (Health-ISAC), an industry group that already crowdsources information about cybersecurity threats and best practices. Health-ISAC membership was actively collaborating on the incident starting the first day of the attack, however that only helped those that pay for membership. It was five days later when Health-ISAC shared what it knew publicly.
A constantly flowing “pipeline” of information on bad activity, including the IP addresses used by attackers, known malware, and other technical details, should be made accessible by every node in the ecosystem. This would help everyone receive and leverage information quickly to protect itself and its business partners.