The Health Information Trust Alliance (HITRUST) is looking to improve its threat information sharing capabilities and provide more assistance to HIPAA covered entities to help them manage cyber threats more effectively.
HITRUST is already providing detailed information on the latest cyber threats via the HITRUST Cyber Threat Xchange (CTX). This service provided rapid intelligence on the recent WannaCry ransomware attacks in May 2017, which affected more than 230,000 computers in more than 150 countries around the world.
The healthcare industry in the United States largely escaped the attacks, largely due to good patch management policies and rapid action in response to the threat. In the case of the latter, the information distributed by HITRUST was invaluable. HITRUST sent threat intelligence two weeks before the first healthcare organization announced it had been affected.
However, sending threat intelligence is only part of the story. That intelligence must be provided in a consumable format. If healthcare organizations cannot use the information, they will be left exposed to attacks. In the case of the WannaCry intelligence, many healthcare organizations said they were unable to use the indicators of threat and compromise sent by HITRUST.
Over the past year, HITRUST has been improving its threat intelligence service via its Enhanced IOC Collection Program. Through the program, HITRUST has the number of indicators of threat and compromise that it has distributed. HITRUST has also evaluated the HITRUST CTX to determine how it can be improved. A number of areas have been identified where improvements can be made. However, in order to make those improvements, help was required.
To make those improvements, HITRUST has partnered with industry-leading cybersecurity firm Trend Micro and has formed the HITRUST Cyber Threat Management and Response Center. One of the main purposes of the new Cyber Threat Management and Response Center is to ensure healthcare organizations of all sizes and levels of cyber maturity can use HITRUST threat information.
The new center will also allow HITRUST speed up research of threats, increase the volume of threat information sent through the HITRUST CTX and provide education to improve organizational threat management.
The partnership will give HITRUST access to Trend Micro’s network of millions of sensors that collect indicators of compromise and also to the research of worldwide labs dedicated to malware and threat research. The additional resources will speed up the analysis of threats and allow faster distribution of IOTs/IOCs to members of the program. HITRUST will also be able to track healthcare-industry specific threats more effectively and provide more, and more timely, details of vulnerabilities.
Mike Gibson, Trend Micro’s vice president of threat research, said “We believe our combined effort will make a positive difference in improving cyber defenses for organizations of all sizes and for our nation’s overall cybersecurity posture.”
