Engaging Smaller Healthcare Entities in Threat Info Sharing
NH-ISAC's Denise Anderson Discusses New Initiatives
The National Health Information Sharing and Analysis Center aims to better engage smaller healthcare organizations in cyberthreat information sharing, using funds from recent grants provided by the Department of Health and Human Services, says Denise Anderson, NH-ISAC president.
"Our goal is to leverage what we're already doing and make it more available to everyone in the sector," she says in an interview with Information Security Media Group. That includes "trying to reach the smallest entities that are probably the most vulnerable and are being impacted greatly by the number of threats out there, most notably recently ransomware threats."
HHS recently awarded NH-ISAC two potentially renewable grants totaling $350,000. One grant, awarded by HHS' Office of the Assistant Secretary for Preparedness and Response, will support building the infrastructure necessary to securely disseminate cyber threat information. The other grant, from the Office of the National Coordinator for Health IT, will support providing cybersecurity information and education on cyberthreats to healthcare sector stakeholders.
Learning from Banking Sector
As it strives to improve cyber threat information sharing, NH-ISAC hopes to build on the experience of the financial services sector, says Anderson, who formerly worked at FS-ISAC, which serves the financial sector.
"Many of the larger financial institutions were the leaders, the mentors, within the sector, and they realized the importance of looking at the security of the entire sector," she says. "So, they started programs reaching out to smaller entities, like the community banks and credit unions. We're looking to do the same thing here."
NH-ISAC hopes to help make other services, such as malware analysis and penetration testing, available to smaller organizations with limited resources, Anderson says. In addition, NH-ISAC is examining how to make timely cyber alerts more broadly available.
In the wake of the ransomware attack earlier this year on Hollywood Presbyterian Medical Center, NH-ISAC promptly alerted healthcare organizations that they should disable their JBoss application server consoles to avoid becoming the next ransomware victim, Anderson notes. "What I think the grant[s] will do is to force us to be a little more focused on doing more of that within the sector," she says.
NH-ISAC also will hold more webinars and workshops on cybersecurity issues. It recently co-hosted a 14-city series of events to provide education about ransomware.
In the interview, Anderson also discusses:
- The evolving healthcare cyber threat landscape;
- How NH-ISAC provides real-time cyber threat information sharing;
- Collaboration between NH-ISAC and the Medical Device Innovation, Safety and Security Consortium to address cybersecurity concerns related to medical devices.
Anderson is president of NH-ISAC, one of more than a dozen ISACs whose mission is protecting the nation's critical infrastructure from attacks through dissemination of trusted and timely information. She also serves as the chair of the National Council of ISACs. Anderson is also a health sector representative to the National Cybersecurity and Communications Integration Center, a Department of Homeland Security-led coordinated watch and warning center, and also participates in the Cyber Unified Coordination Group, a public/private advisory group that provides guidance during significant cyber events. She has more than 25 years of management experience in the private sector.