Earlier this year, two weeks before the WannaCry cyberattack hit and crippled hundreds of healthcare organizations in the U.K., one organization — the Health Information Trust Alliance (HITRUST) — was able to spot and warn healthcare organizations of a potential attack. Most organizations, however, weren’t able to consume and use the information effectively enough to protect themselves from the attack.
This is because, while cyberthreats are growing across the medical ecosystem, most organizations don’t have the ability to access, understand and use much of the important information out there.
For this reason, HITRUST, a coalition of health industry leaders that aim to provide better health data security, and cybersecurity company Trend Micro formed a partnership earlier this year that aims to form the tools and resources necessary to further the exchange and understanding of health data and security information.
Building Out Healthcare-Specific Cybersecurity Resources
To do this, the companies began by focusing on expanding the threat sharing capabilities of the HITRUST Cyber Threat XChange, a platform that collects and analyzes potential cyberthreats and the one that originally spotted WannaCry.
Through the partnership, the HITRUST Cyber Threat Management and Response Center was launched on Oct. 1. It aims to bring health IT stakeholders from across the ecosystem into the cybersecurity fold.
“What is new is having stakeholders spend time trying to enhance collection and dissemination of [indicators of compromise] IOCs, but what has been lost is that information sharing must be part of an overall threat management strategy or there is no value,” Daniel Nutkis, CEO at HITRUST, tells Health Data Management.
The response center will offer access to HITRUST’s assets as well as nearly 52 million additional Trend Micro sensors at work detecting and analyzing cyberthreats. Moreover, users can submit suspicious code to the threat management center, which Trend Micro experts will review.
“We need additional analytical capabilities, and partnering was the best approach,” Nutkis tells the site.
As one of the first of its tools from the center, in early October, the partners announced the HITRUST Cyber Threat XChange (CTX) Deceptive, “a deception-based threat detection collaboration platform” that deploys honeypots, or computer systems set up to lure cyberattackers, across the healthcare ecosystem. The honeypots are set up to look like electronic health records, medical devices and other healthcare-specific tools.
“Our experience with honeypots allows us to understand the results of malicious activity within the HITRUST CTX and provide an advanced level of protection,” said Mike Gibson, vice president of threat research at Trend Micro, in a statement. “With enhanced visibility into the network, early detection of attacks in the decoy environment can improve the industry’s time-to-respond with third-party integrations to isolate and block attacks. Trend Micro’s industry expertise is now taking the healthcare industry to a much higher level.”
The partnership should enable the organizations to build out cybersecurity tools that not only provide the information on the next WannaCry-like attack, but also the understanding necessary to use it.
“We need to ensure there are options available to aid organizations regardless of resources in mitigating cyber threats and this requires an investment in significant resources, including hundreds if not thousands of research staff, timely and broad access to IOCs and other cyber threat intelligence, and in-depth knowledge of how organizations respond to cyber threats,” said Roy Mellinger, Vice President and CISO, Anthem and Member, Department of Health and Human Services (HHS) Health Care Industry Cybersecurity Task Force in the initial partnership announcement.