The healthcare industry faces a wide range of cybersecurity challenges. Threat actors relentlessly target sensitive patient data, infrastructure, and core services—jeopardizing patient safety, organizational integrity, and public trust. Healthcare organizations must adopt a collaborative approach centered on strategic information sharing to address these sophisticated threats.
The transformative benefits of information sharing
According to the Healthcare and Public Health Sector Coordinating Council, “Information sharing programs produce significant benefits at minimal risk for the organizations that participate.”
Cybersecurity information sharing programs offer a powerful antidote to the growing complexity of the threat environment. Healthcare organizations can enhance their security posture and resilience by pooling collective knowledge and resources. Here are the benefits of participation in these dynamic communities:
Improved situational awareness
Shared threat intelligence empowers organizations to preemptively identify and mitigate emerging attack vectors before they strike. By learning from the experiences of their peers, healthcare entities can prepare for novel threats and implement proactive countermeasures.
Crowdsourced cybersecurity expertise
Information sharing initiatives provide access to a wealth of specialized security knowledge and best practices. Healthcare organizations can use the combined expertise of the community to bolster their defenses, optimize security strategies, and stay ahead of the curve.
Heightened community resilience
A collaborative ecosystem fosters trust, transparency, and collective resilience. By working together, healthcare organizations can fortify their defenses, safeguard patient data, and ensure the continuity of critical services, even in the face of sophisticated, coordinated attacks.
Accelerated cybersecurity innovation
Sector-wide information sharing drives the continuous evolution of security practices and technologies. As threats advance, healthcare entities can stay agile, adaptive, and innovative in their approach to protecting patients and assets.
Navigating information sharing
Effective information sharing requires a strategic, well-structured approach. Healthcare organizations must carefully consider the types of data to share, the sharing protocols to follow, and the trusted partners to engage with.
Defining the scope of shared intelligence
The information sharing community encompasses a diverse array of data types, from strategic intelligence to tactical insights and operational indicators. By understanding the value of each intelligence category, healthcare entities can optimize their sharing efforts and derive maximum benefits.
- Strategic intelligence: Strategic intelligence informs high-level decision-making, helping organizations understand threats, emerging regulations, and geopolitical dynamics. It supports long-term planning, budget allocation, and the development of proactive security strategies.
- Tactical intelligence: Tactical intelligence focuses on the specific tactics, techniques, and procedures employed by threat actors. Understanding the mechanics of cyber attacks allows healthcare organizations to implement targeted countermeasures and improve their ability to detect and respond to threats.
- Operational intelligence: Operational intelligence provides actionable insights about ongoing or imminent attacks. Real-time information enables healthcare entities to swiftly mobilize their defenses, mitigate the immediate impact, and share details with the broader community.
- Open-source intelligence (OSINT): Open-source intelligence, gathered from publicly available sources, can serve as an early warning system for emerging threats. Monitoring online chatter, news reports, and social media helps healthcare organizations stay ahead of the curve and share relevant information with their peers.
Establishing sharing protocols and safeguards
Effective information sharing requires a governance framework that balances transparency with the protection of sensitive data. Healthcare organizations should adopt standardized protocols, such as the Traffic Light Protocol (TLP), to ensure the appropriate handling and dissemination of shared intelligence.
The Traffic Light Protocol is a widely recognized system that classifies shared information based on its sensitivity and intended audience. Adhering to TLP guidelines helps healthcare entities ensure the secure exchange of data and maintain the trust of their information-sharing partners.
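To make the TLP handling rules concrete, here is an added example (not code from the article or from FIRST, which publishes the standard) that encodes the TLP 2.0 labels and answers the question a sharing participant actually faces: "may I forward this report to this audience?" The five labels and their audiences follow the published TLP 2.0 definitions; the `Audience` categories, the report IDs and the legacy `TLP:WHITE` mapping are assumptions of this example. Unknown or missing labels fail closed, since a report whose handling rules are unclear should not be redistributed until the source clarifies them.

```python
"""TLP 2.0 dissemination check.

Added example, not code from the article or from FIRST. The label
definitions follow the published TLP 2.0 standard; the audience model
(who the current holder wants to forward to) is an assumption here.
"""
from enum import Enum


class Audience(Enum):
    """Who the current holder of a report wants to pass it on to."""
    RECIPIENT = "recipient"        # the person who originally received it
    ORGANIZATION = "organization"  # the recipient's own organization
    CLIENT = "client"              # the organization's clients, need-to-know
    COMMUNITY = "community"        # peers in the sector sharing community
    PUBLIC = "public"              # anyone, including publication


# Audiences permitted under each TLP 2.0 label. Each label widens the
# previous one, so the sets are cumulative.
_TLP_AUDIENCES = {
    "TLP:RED": {Audience.RECIPIENT},
    "TLP:AMBER+STRICT": {Audience.RECIPIENT, Audience.ORGANIZATION},
    "TLP:AMBER": {Audience.RECIPIENT, Audience.ORGANIZATION, Audience.CLIENT},
    "TLP:GREEN": {Audience.RECIPIENT, Audience.ORGANIZATION, Audience.CLIENT,
                  Audience.COMMUNITY},
    "TLP:CLEAR": set(Audience),
}

# TLP 1.0 name that TLP 2.0 renamed; accepted so older feeds still parse.
_LEGACY = {"TLP:WHITE": "TLP:CLEAR"}


def normalize_label(raw):
    """Return a canonical TLP 2.0 label, or None if the label is unrecognised.

    Whitespace and case differences are tolerated ("tlp: amber + strict"),
    but anything that does not map to a known label yields None so the
    caller fails closed rather than guessing.
    """
    if raw is None:
        return None
    label = "".join(raw.split()).upper()
    label = _LEGACY.get(label, label)
    return label if label in _TLP_AUDIENCES else None


def may_share(label, audience):
    """True if information carrying `label` may be passed to `audience`.

    Unknown or missing labels return False: a report whose handling rules
    are unclear must not be redistributed until the source clarifies them.
    """
    canonical = normalize_label(label)
    if canonical is None:
        return False
    return audience in _TLP_AUDIENCES[canonical]


def releasable(reports, audience):
    """Filter (report_id, label) pairs down to those shareable with `audience`."""
    return [rid for rid, label in reports if may_share(label, audience)]


if __name__ == "__main__":
    # Constructed sample feed: IDs and labels are placeholders.
    feed = [
        ("RPT-001", "TLP:RED"),
        ("RPT-002", "TLP:AMBER+STRICT"),
        ("RPT-003", "tlp:amber"),
        ("RPT-004", "TLP:GREEN"),
        ("RPT-005", "TLP:WHITE"),
        ("RPT-006", "TLP:PURPLE"),   # not a TLP label: never forwarded
    ]
    for aud in Audience:
        print(f"{aud.value:>12}: {releasable(feed, aud)}")
```

Running the block prints, for each audience, which reports from the constructed feed may reach it; the mislabelled `RPT-006` never appears, which is the behaviour you want from a gate that sits in front of an automated sharing pipeline.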
Legal protections and compliance considerations
Information sharing initiatives must take into account legal and regulatory requirements, such as the Cybersecurity Information Sharing Act (CISA) and the Health Insurance Portability and Accountability Act (HIPAA). Healthcare organizations should work closely with their legal teams to ensure compliance and leverage available legal protections.
Identifying trusted sharing partners
The success of an information sharing program hinges on the establishment of a network of trusted partners. Healthcare entities should carefully evaluate potential collaborators, including industry associations, government agencies, and specialized information sharing organizations like the Health Information Sharing and Analysis Center (Health-ISAC).
Preparing for effective information sharing
Before embarking on an information sharing program, healthcare organizations must lay the groundwork for success. This preparation phase involves several steps:
Defining organizational objectives and governance
Clearly articulate the goals and scope of your information sharing program, establish a governance framework, and designate responsible stakeholders to oversee the process.
Cataloging shareable assets
Identify the types of data and intelligence your organization can contribute to the sharing community, and categorize them based on sensitivity, ownership, and authorized release protocols.
Engaging the legal department
Collaborate closely with your legal team to ensure compliance with relevant laws and regulations, address liability concerns, and develop appropriate data handling and sharing policies.
Building trust through transparency
Foster a culture of transparency and collaboration within your organization, and actively participate in industry forums to establish trusted relationships with potential sharing partners.
In the news
On January 27, 2023, Killnet associate KillMilk shared a list on Telegram, an encrypted messaging platform, targeting healthcare organizations for distributed denial of service (DDoS) attacks. The following day, the list was made public on Twitter, including many members of the Health-ISAC community. DDoS attacks began on January 30 as announced but were quickly mitigated through the sharing of indicators of compromise (IOCs) related to Killnet, targeted alerts to the listed organizations, and the exchange of best practices within the healthcare sector. Members of the information-sharing organization gained increased threat visibility and access to industry-specific best practices.
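The mitigation described above turned on listed organizations being able to act quickly on shared indicators. As an added example (not code from the article, Health-ISAC, or any real indicator feed), the block below shows the receiving side of that exchange: a small matcher that takes a shared list of host and CIDR indicators and counts how many requests in a web server access log came from them. Every indicator and log line is constructed from RFC 5737 documentation address ranges and stands in for real data; nothing here is a real Killnet indicator.

```python
"""Match a shared indicator list against web server access logs.

Added example; not code from the article, Health-ISAC or any real feed.
The indicators and log lines below are constructed placeholders drawn
from RFC 5737 documentation address ranges, not real attack infrastructure.
"""
import ipaddress
import re
from collections import Counter

# Constructed indicator list as a sharing partner might distribute it:
# single hosts and CIDR ranges, as strings.
SHARED_IOCS = [
    "192.0.2.45",
    "198.51.100.0/24",
]

# Constructed combined-format lines, including one malformed entry to show
# that unparseable lines are counted rather than crashing the matcher.
SAMPLE_LOG = """\
192.0.2.45 - - [30/Jan/2023:08:01:02 +0000] "GET /patient-portal/login HTTP/1.1" 503 0 "-" "Mozilla/5.0"
198.51.100.17 - - [30/Jan/2023:08:01:02 +0000] "GET / HTTP/1.1" 503 0 "-" "Mozilla/5.0"
203.0.113.9 - - [30/Jan/2023:08:01:03 +0000] "GET /appointments HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.45 - - [30/Jan/2023:08:01:03 +0000] "GET /patient-portal/login HTTP/1.1" 503 0 "-" "Mozilla/5.0"
this line is not an access log entry
"""

_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def compile_iocs(iocs):
    """Turn IOC strings into (original_string, ip_network) pairs.

    Bare addresses become /32 (or /128) networks so one membership test
    covers both hosts and ranges. Strings that are not valid addresses
    or networks are skipped rather than silently matching nothing.
    """
    compiled = []
    for raw in iocs:
        try:
            compiled.append((raw, ipaddress.ip_network(raw, strict=False)))
        except ValueError:
            continue
    return compiled


def match_log(log_text, iocs):
    """Return (hits_per_ioc, unparsed_line_count).

    hits_per_ioc maps each IOC string to the number of log lines whose
    client address falls inside it.
    """
    compiled = compile_iocs(iocs)
    hits = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = _LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            unparsed += 1
            continue
        for raw, net in compiled:
            if addr in net:
                hits[raw] += 1
    return dict(hits), unparsed


if __name__ == "__main__":
    hits, bad = match_log(SAMPLE_LOG, SHARED_IOCS)
    for ioc, n in sorted(hits.items()):
        print(f"{ioc:<20} {n} request(s)")
    print(f"{bad} unparseable line(s)")
```

In practice the same matcher runs against the firewall or load-balancer logs rather than a string literal, and the per-indicator counts feed the targeted alert: an organization seeing hits knows it is on the list and can raise rate limits or upstream filtering before the traffic volume grows.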
FAQs
Does HIPAA apply to information sharing?
Yes, HIPAA regulations do apply to the sharing of healthcare-related information. Organizations must ensure that any protected health information (PHI) shared through information sharing channels is properly de-identified or redacted to comply with HIPAA requirements.
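The de-identification step mentioned above is easy to describe and easy to get wrong in a hurry, so here is an added example (not code from the article or from Paubox) of a redaction pass an analyst could run over an incident note before it leaves the organization. It strips a handful of direct identifiers (e-mail address, phone number, SSN-style number, medical record number, date of birth) while leaving the technical indicator intact, and reports counts rather than values so the redaction itself can be logged safely. The patterns cover only these few identifier types and are an illustration of the step, not a complete Safe Harbor implementation; the sample note is constructed.

```python
"""Redact common direct identifiers from an incident note before sharing.

Added example; not code from the article or from Paubox. It covers only a
handful of identifier types, so it illustrates the redaction step rather
than implementing the full HIPAA Safe Harbor list. The sample note below
is constructed.
"""
import re

# Ordered so that the more specific pattern (SSN) runs before the looser
# phone pattern; each pass sees the output of the previous one.
_PATTERNS = [
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE", re.compile(r"(?:\+1[ -]?)?(?:\(\d{3}\)|\b\d{3})[ -]?\d{3}-\d{4}\b")),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("MRN", re.compile(r"\bMRN[:#]?\s*\d{5,}\b", re.IGNORECASE)),
    ("DOB", re.compile(r"\bDOB[:\s]*\d{1,2}/\d{1,2}/\d{4}\b", re.IGNORECASE)),
]


def redact(text):
    """Replace matched identifiers with [LABEL] tokens.

    Returns (redacted_text, counts) where counts maps each label to how
    many replacements were made, so the sender can record what was removed
    without recording the values themselves.
    """
    counts = {}
    for label, pattern in _PATTERNS:
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return text, counts


# Constructed incident note: the address is from an RFC 5737 documentation
# range and every personal detail is made up.
SAMPLE_NOTE = (
    "Phishing message from 192.0.2.45 reached j.doe@example-hospital.org "
    "and referenced patient MRN 00412345, DOB 04/12/1961, asking for a "
    "callback to (555) 010-1234."
)

if __name__ == "__main__":
    cleaned, counts = redact(SAMPLE_NOTE)
    print(cleaned)
    print(counts)
```

The output keeps `192.0.2.45`, which is the part a sharing partner needs, and replaces everything that identifies the patient or the recipient. Regex redaction of this kind is a first filter, not a guarantee; free-text notes still need a human check before release under anything wider than TLP:RED.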
Do I need consent to share information?
The specific consent requirements for information sharing can vary based on the type of data, the intended recipients, and the applicable laws and regulations. It is recommended to consult with your legal team to determine the appropriate consent protocols for your organization's information sharing activities.
What tools and platforms can I use for information sharing?
There are a variety of specialized information sharing platforms and tools available to the healthcare sector, such as the Health Information Sharing and Analysis Center (Health-ISAC) and the Cybersecurity and Infrastructure Security Agency's (CISA) Automated Indicator Sharing (AIS) program. The choice of platform will depend on your organization's specific needs, the sensitivity of the information, and the trusted partners you intend to engage.