Menu
US agencies to release cyberthreat information faster to the health-care industry

US agencies to release cyberthreat information faster to the health-care industry

Representatives of the FBI and DHS say they're looking at ways to get more information into the hands of health-care providers

U.S government agencies will work to release cyberthreat information faster to the health-care industry after a massive breach at hospital operator Community Health Systems, representatives of two agencies said.

While the FBI issued an alert about the Community Health Systems breach one day after it was announced, government agencies can still do more to warn health-care providers about ongoing threats, said Michael Rosanova, a supervisory special agency at the FBI.

It can be "frustrating" for health-care providers to get threat information from government agencies, Rosanova said during a briefing hosted Thursday by the Health Information Trust Alliance (HITRUST), a health-care cybersecurity vendor.

If cyberthreat information is classified by the government, the FBI and other agencies have to take additional steps before sharing the information, he said. "It's not that easy, unfortunately, to take something with a fairly high security classification ... and get that in a useable context to people that need it," Rosanova said.

In the Community Health Systems breach, "we did make every effort to get the industry the information that was being requested," he added. "We did do the best that we could."

The FBI and other agencies can do a better job of informing health-care providers about cyberthreats that are "about to break," Rosanova said. The FBI wants to be more proactive with warnings, but in some cases, it won't be able to share as much information as health-care providers would like because of national security issues, he said.

U.S. agencies are already looking for ways to learn from the Community Health Systems breach and concerns about the speed of information sharing, added Danell Castro, program manager at the Critical Infrastructure Information Sharing and Collaboration Program at the U.S. Department of Homeland Security.

Information sharing has come a long way, she said, but still can be improved. Vetting information takes time, but DHS is looking at ways to speed up the process, she said.

While Rosanova talking about health-care providers sometimes needing security clearances to get threat information, those clearance aren't the "secret sauce," Castro said. Instead, participating in a collaborative environment, such as HITRUST's monthly threat briefing, will help drive forward more information sharing, she said.

"The more collaboration you do like this, the better off you will be," he said.

The Community Health Systems breach was tied to the Heartbleed bug, a known vulnerability, with the breach happening earlier this year, when Heartbleed was at its peak, noted Roy Mellinger. vice president and CISO of health-care provider WellPoint.

The news of the breach raised many questions from WellPoint executives, Mellinger said.

The health-care industry's cybersecurity efforts took some criticism following the announcement of the breach, but the industry has "come a long way in the last two or three years," Mellinger said. Still, cybersecurity "practices across the entire industry are not as sufficiently robust as we would all like," he added.

Mellinger called on U.S. agencies to communicate more quickly about threat information. In some cases, even advisories saying, "stay the course, this [threat] is nothing new" would calm executives and shareholders, he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags U.S. Department of Homeland SecurityDanell Castrogovernmentindustry verticalsExploits / vulnerabilitiesfbidata protectionRoy MellingerHealth Information Trust AllianceWellPointMichael Rosanovasecurityhealth careCommunity Health Systems

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments