The federal government is offering two new grant programs for organizations that collect and share cyber threat information, as it looks for new ways to more quickly and effectively share information on potential hacking efforts to healthcare organizations.

The Office of the National Coordinator for Health Information Technology and the Assistant Secretary for Preparedness and Response jointly announced the funding opportunities on Monday.

Funds are available to existing Information Sharing and Analysis Centers (ISACs), which are not-for-profit and member driven organizations intended to share information between various levels of government and industry.

Funds also are available to Information Sharing and Analysis Organizations (ISAOs) that gather, analyze and disseminate threat information but are not sector-specific and could be a local organization or some other type of collaborative.

Under the program, the ISACs and ISAOs could receive $250,000 in the first year of participation in the program to facilitate the sharing of cybersecurity threats within the healthcare and public health sector. The organizations would be required to share information downstream, with relevant stakeholders in the industry, as well as upstream, with federal partners, including the Department of Homeland Security and Federal Bureau of Investigation.

“Using an ISAO to exchange cyber threat information with these healthcare organizations, bi-directionally between HHS and the healthcare and public health sector, we hope to build the capacity to better prevent, detect and respond to cyber attacks,” said Nicole Lurie, assistant secretary for preparedness and response. “Keeping health IT up and running is critical to health system preparedness. Many parts of the healthcare system don’t have access to the information they need to protect themselves from these threats.”

To qualify for funding, existing ISACs or ISAOs would be required to:

  • Provide cybersecurity information and education on cyber threats affecting the healthcare and public health sector.
  • Expand outreach and education activities to ensure that information about cybersecurity awareness is available to the entire healthcare and public health sector.
  • Equip stakeholders to take action in response to cyber threat information.
  • Facilitate information sharing widely within the healthcare and public health sector.

“This coordinated resource will focus on sharing the most up-to-date threat information across the health and public health sectors and will better equip health systems to identify potential threats and further protect electronic health information,” said Karen DeSalvo, MD, national coordinator for health information technology.

President Obama signed an executive order in February 2015 to encourage development of ISACs and ISAOs to share and disseminate cyber threat information and Congress later that year enacted supporting legislation offering liability protection and antitrust exemptions from Freedom of Information Act laws.

Details on the ONC funding are here and the ASPR funding is here.

The move to increase information sharing on cyber threats within the healthcare industry comes at a time when it’s clear that providers and other organizations need more assistance to prevent more attacks to compromise patient information and the security of data systems.

A recent report by the Bureau of Labor Statistics projected substantial growth in the number of jobs for information security analysts. The federal agency predicts that growth in the number of jobs in the sector will increase at an annual growth rate of 18 percent from 2014 to 2024.

Demand will be high because of the need to stop hackers from accessing information across all types of industries, but the report specifically cited increased use of digital records within healthcare as increasing the need for security professionals in the sector.

"As the healthcare industry expands its use of electronic medical records, ensuring patients' privacy and protecting personal data are becoming more important," the BLS report said. "More information security analysts are likely to be needed to create the safeguards that will satisfy patients' concerns."

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access