As cyber attacks increasingly buffet the healthcare industry, two prominent organizations are coming together to facilitate the sharing of threat data.

The National Health Information Sharing and Analysis Center has aligned with the Electronic Healthcare Network Accreditation Commission, which certifies healthcare vendors and business associates for meeting best business practices, will harmonize efforts to reduce the growing threat of HIPAA breaches, incidents and cybersecurity attacks.

The agreement was formalized through a memorandum of understanding, says Denise Anderson, president of NH-ISAC. The collaboration is significant, because there’s growing need for healthcare organizations to share threat level data; this information has been ineffectively shared in the past because of competitive pressures and the disjointed nature of the industry. As cyber attacks rise against healthcare organization, it will become increasingly important for threat information to be shared quickly and widely.

iStock

The partnership of EHNAC and NH-ISAC brings new knowledge and perspectives to each organization, Anderson says. Both organizations have working groups studying threat data issues, such as data authentication and access, and members of each organization will join the working group of the other. The organizations also will cooperate on developing conferences, white papers, web seminars, workshops and other events to promote the sharing of threat data among healthcare organizations.

"We are our own worst enemy, and if we don’t come together and share information, the bad guys are sharing information, and shame on us," Anderson contends.

EHNAC and NH-ISAC also work with other appropriate entities, such as the HITRUST industry collaborative and federal agencies. NH-ISAC members, which include some of the largest organizations in healthcare, share information daily, Anderson says, but overall its members represent only a small portion of the industry.

Quote
We are our own worst enemy, and if we don’t come together and share information, the bad guys are sharing information.

In part, that’s because cyber attacks are a relatively new phenomenon in healthcare, as the Internet was not widely adopted and extensively used until the electronic health records meaningful use program brought healthcare into the digital era.

To raise awareness and promote the benefits of sharing threat data, industry-specific Information Sharing and Analysis Centers were authorized in 1998 under a directive from President Bill Clinton. While some industries formed their own ISACs soon after that directive, NH-ISAC wasn’t created until 2010.

Other industry-specific ISACs include established financial, retail and IT programs, among others, as well as new programs covering the airline and automotive industries, which are aggressively connecting to the Internet.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access