HHS CISO talks new threat briefings, alerts for health industry
The new threat alert system for the health care industry will enhance cyber readiness.
The U.S. Department of Health and Human Services' CISO shared how a new threat alert system for the health care industry will enhance the cyber readiness of the public and private sectors.
On Thursday, Kevin Charest spoke to SCMagazine.com about the initiative – a partnership effort between DHHS and the Health Information Trust Alliance (HITRUST).
The agency and HITRUST, which helped establish the Common Security Framework for protecting personal health and financial data, also teamed up earlier this year to announce ongoing cyber attack exercises, dubbed “CyberRX,” to test the industry's threat preparedness.
Now, the entities have announced that they will conduct monthly cyber threat briefings to help organizations understand risks impacting the industry. In addition, an alert system established by HITRUST, called “C3 Alert” will also be available to notify organizations of threats.
The alert system was designed to pinpoint high probability and high impact cyber threats targeting the industry, according to a release on the initiative.
In a Thursday interview, Charest told SCMagazine.com that the joint effort was born out of DHHS and HITRUST's continued collaboration in sharing basic threat information impacting the health care sector. Both entities have erected threat centers, he added.
“We don't have the ability to issue alerts to any and everybody, but what [DHHS] can do, and what we are doing, is partnering with folks like HITRUST who have a constituency,” Charest said, later adding that the system would become “self sustaining” with the input and feedback.
A press release explained that the free cyber alerts are to be issued anytime HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) “identifies a present and immediate cyber threat relevant to a large number of health care organizations, medical devices or systems.”