Menu
US agencies to release cyberthreat information faster to the health-care industry

US agencies to release cyberthreat information faster to the health-care industry

Representatives of the FBI and DHS say they're looking at ways to get more information into the hands of health-care providers

U.S government agencies will work to release cyberthreat information faster to the health-care industry after a massive breach at hospital operator Community Health Systems, representatives of two agencies said.

While the FBI issued an alert about the Community Health Systems breach one day after it was announced, government agencies can still do more to warn health-care providers about ongoing threats, said Michael Rosanova, a supervisory special agency at the FBI.

It can be "frustrating" for health-care providers to get threat information from government agencies, Rosanova said during a briefing hosted Thursday by the Health Information Trust Alliance (HITRUST), a health-care cybersecurity vendor.

If cyberthreat information is classified by the government, the FBI and other agencies have to take additional steps before sharing the information, he said. "It's not that easy, unfortunately, to take something with a fairly high security classification ... and get that in a useable context to people that need it," Rosanova said.

In the Community Health Systems breach, "we did make every effort to get the industry the information that was being requested," he added. "We did do the best that we could."

The FBI and other agencies can do a better job of informing health-care providers about cyberthreats that are "about to break," Rosanova said. The FBI wants to be more proactive with warnings, but in some cases, it won't be able to share as much information as health-care providers would like because of national security issues, he said.

U.S. agencies are already looking for ways to learn from the Community Health Systems breach and concerns about the speed of information sharing, added Danell Castro, program manager at the Critical Infrastructure Information Sharing and Collaboration Program at the U.S. Department of Homeland Security.

Information sharing has come a long way, she said, but still can be improved. Vetting information takes time, but DHS is looking at ways to speed up the process, she said.

While Rosanova talking about health-care providers sometimes needing security clearances to get threat information, those clearance aren't the "secret sauce," Castro said. Instead, participating in a collaborative environment, such as HITRUST's monthly threat briefing, will help drive forward more information sharing, she said.

"The more collaboration you do like this, the better off you will be," he said.

The Community Health Systems breach was tied to the Heartbleed bug, a known vulnerability, with the breach happening earlier this year, when Heartbleed was at its peak, noted Roy Mellinger. vice president and CISO of health-care provider WellPoint.

The news of the breach raised many questions from WellPoint executives, Mellinger said.

The health-care industry's cybersecurity efforts took some criticism following the announcement of the breach, but the industry has "come a long way in the last two or three years," Mellinger said. Still, cybersecurity "practices across the entire industry are not as sufficiently robust as we would all like," he added.

Mellinger called on U.S. agencies to communicate more quickly about threat information. In some cases, even advisories saying, "stay the course, this [threat] is nothing new" would calm executives and shareholders, he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags U.S. Department of Homeland SecurityDanell Castrogovernmentindustry verticalsExploits / vulnerabilitiesfbidata protectionRoy MellingerHealth Information Trust AllianceWellPointMichael Rosanovasecurityhealth careCommunity Health Systems

Featured

Slideshows

Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
Show Comments