Guidance on Healthcare Information Sharing Organizations Published by HSCC

The Healthcare and Public Health Sector Coordinating Council (HSCC) released guidance on cybersecurity information sharing for healthcare organizations.

HSCC is a partnership of over 200 public-private companies and organizations, such as health IT organizations, healthcare device manufacturers, pharmaceutical firms, laboratories, health plans, payers and government institutions. Its purpose is to deliver collaborative solutions to aid in mitigating cybersecurity threats impacting the healthcare market.

The Health Industry Cybersecurity Matrix of Information Sharing Organizations (HIC-MISO) is HSCC’s fourth cybersecurity resource publication as ordered by the Health Care Industry Cybersecurity Task Force to help address the threats and risks of information sharing in the industry. HSCC published other resources, which cover the health industry best practices in cybersecurity, the medical device joint security plan, and the health industry cybersecurity workforce.

A lot of health organizations are beginning to realize the value of cybersecurity information sharing yet they do not know where to start. With the increase of cyberattacks on healthcare organizations, it is important for an organization to establish awareness and preparedness via community engagement.

The purpose of the HIC-MISO is to assist healthcare companies in understanding the great importance of cybersecurity information sharing and to provide the resources they need to begin participating in threat sharing. The HIC-MISO lists the most frequently utilized information sharing organizations (ISOs) in the healthcare market coupled with information of the services they offer.

To make the HIC-MISO hassle-free and manageable, it is restricted to the most commonly utilized ISOs helping the healthcare sector at a national instead of regional level. The HIC-MISO consists of information on ISOs including HITRUST, HPH-SCC, H-ISAC, and MED-ISAO, together with the mission/role of each, the services offered, and any fees of participation. It is directed at healthcare companies with no resources to take part in more than one to two threat sharing groups.

HSCC advises healthcare companies that are not presently taking part in threat sharing to start small and to share only the most essential information. As the program matures and organizations become more at ease with threat sharing, even more information may be shared expanding the program. The most crucial step is to begin.

The HIC-MISO is provided a guide that allows organizations to create an information management structure that’s suitable to the size of the business, the available resources, and its risk profile.