A clarion call for healthcare security collaboration
September 17, 2017
Chris Nerney, Contributing Writer
Healthcare security professionals must borrow a page from hackers and fight collaboration with collaboration, according to speakers at last week’s HIMSS Health Security Forum in Boston.
“Hackers continue to collaborate, security professionals not so much,” Michael Figueroa, executive director of the Advanced Cyber Security Center, said during a panel discussion. “They might work in isolation physically, but hackers are some of the most collaborative security practitioners in the business today.”
Former Secretary of Homeland Security Tom Ridge urged more healthcare providers to join the National Healthcare Information Sharing and Analysis Center (NH-ISAC), a non-profit organization formed in 2010 to improve public and private healthcare cybersecurity.
NH-ISAC is one of nearly 20 industry-specific ISACs, including those serving the automotive, aviation, financial, oil and gas, public transit, and real estate industries.
As Healthcare IT News Editor-in-Chief Tom Sullivan writes, Ridge said the terrorist attacks on September 11, 2001, motivated many of these industries to share security-related information. Financial services companies in particular are active in that industry’s ISAC, which has nearly 7,000 members. In contrast, membership in the NH-ISAC hovers around 200.
“I encourage you to become members of the ISAC,” Ridge told attendees. “It’s absolutely essential.”
Other speakers said where providers received valid threat information and data isn’t important as long as they get it from some trusted source.
Phil Alexander, information security officer at UMC Health System in Texas, said providers can access threat data and get security advice from ISAC, the NIST (National Institutes of Standards and Technology) Cybersecurity Framework, HITRUST (the Health Information Trust Alliance), the FBI, and others.
“If you’re not grabbing intelligence about our industry then you’re missing out,” Alexander said.