HSCC Launches Cybersecurity Matrix for Healthcare Sector

• An online resource for improving cybersecurity in the health sector was launched by America's Healthcare and Public Health Sector Coordinating Council (HSCC).
• The resource aims to compile sources that offer cybersecurity information.

The details

With many health organizations realizing the importance of cybersecurity, the newly launched resource strives to provide a list of information sharing organizations.

• The resource, called Health Industry Cybersecurity Matrix of Information Sharing Organizations (HIC-MISO), currently provides a list of more than 20 resources.
• Of these, nine resources are specific to the healthcare sector.
• Each of the listed resources is accompanied by its mission and other details.

“With cyber-attacks against health organizations increasing in number and severity, one of the most important things an enterprise can do is build awareness and preparedness through community engagement. The HIC-MISO points them in the right direction,” said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center (H-ISAC) and co-chair of the HSCC Information Sharing Task Group that created the HIC-MISO toolkit

How will this help?

This resource is aimed at helping organizations that don’t know how to begin with cybersecurity information sharing.

• Some of the information-sharing organizations in the list are said to be collaborative, that is accepting incident information and then having experts review and provide suggestions.
• Few others are said only to broadcast information about cybersecurity threats.
• In the case of a new threat, detailed analysis and expert opinions about it can help healthcare institutions take necessary measures.

Implementing enterprise information sharing

A follow-up project is believed to offer details on best practices for enterprise information sharing with respect to cybersecurity. The HIC-MISO recommends the following until this project is published.

• Conduct research about the sources of information.
• Create an informational flow that defines who receives the information, analyzes it, and what actions must be taken.
• Start with a simple process and refine it with time.