Within H-ISAC (Health Information Sharing and Analysis Center), members join a trusted community and collaborative forum. Daily sharing of highly actionable information expands its security teams’ resources through input aggregated by thousands of global analysts. Members share threat indicators of compromise, phishing emails, incident response tactics and pragmatic advice such as how to effectively report InfoSec topics to their respective Board of Directors. Such collaboration led to the creation of a customizable money-saving algorithm which the entire H-ISAC membership uses to scan and scrub the Deep Dark Web for exposed member data.
A Trusted community
In the past, security data was closely guarded by companies; however, now via the connections established within H-ISAC, organizations willingly share and receive information to head off developing threats as quickly as possible. Members in the community monitor adversarial movements and share that sensitive data. One member’s defense immediately becomes an offense for the rest of the community.
Trust built through H-ISAC networking activities at Spring, Fall and European Summits is reinforced via working groups, exercises and exchanges on H-ISAC’s real-time chat platform. “H-ISAC is the best intelligence we have. This includes participating in working groups and bringing that information back to my team and the chat room to see how my peers are responding to incidents,” said one member speaking at a recent conference.
Downtime is costly
The H-ISAC membership community understands the value of receiving threat intelligence to prevent a possible breach. In the wake of a cyberattack, the downtime alone costs healthcare entities $740,357 per incident and is comprised of business disruption costs, lost revenue costs, and end-user productivity1. Today, a plethora of costly cybersecurity solutions are used by healthcare organizations in an effort to keep workflow steady and patient data secure.
Money saving community collaboration
Several members recently created an algorithm to fulfill a need of their own organization and then shared it with the global membership community. When members of the H-ISAC community discover a solution that assists their organization, they share it with the community with reciprocal zeal – just as they welcome best practices shared from other members.
Bad actors take full advantage of sensitive data leaked onto the Dark Web, especially lucrative healthcare data. The BiMeta tool is a custom algorithm comprised of 6 tools which scan the Deep Dark Web for each member’s specific keywords, including their domain names and other important data. Using this algorithm, all H-ISAC members receive complimentary alerts as part of their membership, saving them hundreds of thousands of dollars from security services they would otherwise need to purchase individually. The tools within BiMeta identify stolen user credentials, domain spoofing (registering similar looking/sounding names), data exposed on Cloud services, and keywords that can be used to locate stolen intellectual property. When a member receives an alert, exposed data can be quickly remediated, and time sensitive patient healthcare work flow can continue without dangerous interruption.
Any organization that plays a hands-on role in the work flow of a patient’s care can become part of this community. A variety of security and information technology professionals, including CISOs, CIOs, software architects, threat hunters and malware analysts, comprise the H-ISAC community. Diverse membership creates the opportunity for beneficial cross organizational conversations, such as between healthcare providers and medical device manufacturers.
Membership includes automated sharing through industry standard protocols including STIX™ and TAXII™ data feeds with the H-ISAC repository serving as the central hub for the healthcare sector. Machine speed software solutions facilitate the collection of cyber threat intelligence from various sources, utilizing a universal language and transportation protocol. Data is received from member organizations, governments, law enforcement, other ISACs, global CERTs and Intelligence partners.
Anything that can help thwart a data breach, saves an entity time and money. Each incident becomes a best practice for each organization in the H-ISAC community and increases the resilience of public health critical infrastructure and healthcare worldwide. Collectively, H-ISAC organizations bolster security through sharing and receiving threat information. It takes a community.
