By Elizabeth Snell

November 18, 2015 - Few healthcare companies actually contribute to a healthcare cybersecurity threat intelligence sharing and analysis organization, according to a recent report, which shows there are gaps when it comes to collecting data and then learning from it.

The Health Information Trust Alliance (HITRUST) found that just 5 percent of healthcare organizations contributed Indicators of Compromise (IOCs) to the HITRUST Cyber Threat XChange (CTX). However, 85 percent of organizations gathered information from IOCs in that same timeframe, according to The Health Industry Cyber Threat Information Sharing and Analysis Report.

HITRUST explained that there are two key takeaways from the report:

Current requirements and guidance regarding the submission of IOCs to the HITRUST CTX are deficient and contribute to under-reporting or inconsistent reporting of IOCs

Current level of IOC collection is not representative of the level of cyber threats being perpetrated against the healthcare industry – nor are complete and timely IOCs available through existing government and other readily available commercial cyber threat sources

It is also important to note that just 50 percent of the contributed IOCs in the sampling period were considered “actionable,” meaning they could potentially be “useful in allowing preventative or defensive action to be taken without a significant risk of a false positive.”

“Cyber threat intelligence sharing still holds the greatest potential to enhance situational awareness and improve organizational cyber preparedness,” HITRUST CEO Daniel Nutkis said in a statement. “Development of the IOC collection requirements and our deployment of breach detection systems are a big step forward in advancing industry’s cyber intel sharing capability.”

HITRUST recommended that to overcome deficiencies in current requirements, it is necessary to “define specifications and requirements relating to the submission of IOCs,” and that they need to be published by HITRUST for use by the HITRUST CTX.

There must also be the correct level of detection and reporting, along with a measured duration from detection to submission. Submitted IOCs should also contain a defined set of metadata based on the IOC type.

The following recommendations were given to ensure that the level of IOC collection is representative of the level of cyber threats being perpetrated against healthcare:

1. Explore leveraging advances in information security technology, specifically breach detection technology, to address some of the current gaps in more efficient and effective IOC collection in support of cyber threat information sharing
2. The HITRUST CTX platform should be updated to allow automated collection of IOCs from Breach Detection systems meeting a defined requirement
3. HITRUST should evaluate seeding the healthcare industry with Breach Detection Systems distributed across various segments of the industry to enable IOC collection spanning major segments
4. Risks and liability concerns with automated sharing need to be appropriately addressed for organizations to embrace the technology for this purpose
5. Costs and other resource requirements need to be fully understood

Being able to detect potential healthcare cybersecurity threats is consistently listed as a key area for organizations in their data security. The Institute for Critical Infrastructure Technology (ICIT) Co-founder and Senior Fellow Parham Eftekhari recently explained in an interview with HealthITSecurity.com that behavior analytics, dual-factor authentication, and encryption are also critical pieces.

The proper resources must also be implemented to assist in employee training, he said.

“We need to have money put into training our employees on a regular basis,” Eftekhari urged. “Once a year is not enough. Organizations should train every quarter or at least twice per year. And then you need to test your employees to see if they retained any of that knowledge, and if they’re implementing best practices and changing their behaviors to actually improve the security of the organization.”
