HHS picks health care ISAC
The Department of Health and Human Services awarded a health care information sharing and analysis center in Florida $350,000 to help develop a system for sharing cyberthreat information across the public heath and health care sectors.
HHS granted the funding to the National Health Information Sharing and Analysis Center of Ormond Beach, Florida, in two cooperative agreements from the Office of the National Coordinator for Health IT and the Office of the Assistant Secretary for Preparedness and Response.
With the two awards, the Florida ISAC will “provide cybersecurity information and education on cyberthreats to healthcare sector stakeholders” and “help build the infrastructure necessary to disseminate cyberthreat information securely to healthcare partners,” according to a release.
“These agreements mark a critical first step toward addressing the growing threat cybersecurity poses to the health care and public health sector,” said Nicole Lurie, HHS’ assistant secretary for preparedness and response. “Creating a more robust exchange about cybersecurity threats will help the industry prevent, detect and respond to these threats and better protect patients’ privacy and personally identifiable information.”
HHS is charged by the Cybersecurity Information Sharing Act of 2015 as a sector-specific agency to share cyberthreat information with private sector organizations through an information sharing and analysis organization.
Health care leaders responded to a recent preliminary survey that threat information sharing is “too slow in the sector” and that a centralized source for sharing is needed, as well as automated sharing and a “common technical language and platform” to facilitate it.
The idea is that with a central ISAC, HHS will share threat information with it, and it will then disseminate it out more widely to the private sector entities, which might not have access to such information typically. Likewise, the ISAC will pass on threat information from private entities back to HHS and other public health organizations
“The security of electronic health information is foundational to our increasingly digitized health system,” said Vindell Washington, national coordinator for health information technology. “This funding will help healthcare organizations of all sizes more easily and effectively share information about cyberthreats and responses in order to protect their data and the health of their patients.”