Strong healthcare cybersecurity education is important for facilities of all sizes, and can be improved through information sharing, according to a recent blog post by the American Hospital Association (AHA).
The AHA broke down the National Institute for Standards and Technology’s (NIST) “Draft Guide to Cyber Threat Information Sharing,” which was published on Oct. 29, 2014. According to the AHA, the NIST guide explains why using open, standard data formats and transport protocols when sharing data with multiple organizations is important. Essentially, this approach ensures that no time is lost while converting or understanding the importance of the data, the AHA said.
The NIST guide also highlighted several factors that need to be considered when an organization decides the incident-related information to be shared with other agencies:
- Risk of disclosure
- Operational urgency and need for sharing
- Benefits gained by sharing
- Sensitivity of the information
- Trustworthiness of the recipients
- Methods and ability to safeguard the information
“The guide presents two main models of the architecture of an information-sharing relationship – centralized and peer to peer – and describes the benefits and risks of each,” the AHA post read. “The centralized model, also known as a hub and spoke model, offers such benefits as the aggregation, correlation, and analysis of information from multiple sources, as well as the ability to sanitized or remove attribution from those providing the data.”
A centralized system has risks because of its reliance on the “hub” organization’s infrastructure, according to the AHA. Since the hub collects data from numerous sources, it is in danger of being a major target for an attack.
“The peer-to-peer model is less vulnerable to an attack on one entity shutting down the entire network, and has the benefit of allowing information to flow directly from one organization to another (or a group of others), rather than delaying the distribution of the information,” the AHA stated.
However, organizations not using the same information-sharing formats and methodologies could negatively affect the peer-to-peer network. Additionally, those networks could face hurdles because of how the costs of sharing and analyzing shared data can increase as the network grows, the AHA said.
Even so, the AHA explained that it hopes the NIST guide will be beneficial for the healthcare industry. The healthcare sector has been implementing information sharing for some time, and has several groups that promote healthcare cybersecurity education. It is essential for entities to take advantage of those groups, as well as ones that promote secure information sharing, to learn best practices for healthcare cybersecurity, according to the AHA.
NIST is expected to have a final version of its cybersecurity guide during the first quarter of this year. Comments can no longer be accepted on the draft version, but the AHA encouraged healthcare organizations to join groups that encourage proper healthcare cybersecurity education.
“These types of organizations provide members access to a secure information exchange infrastructure to allow for the free flow of actionable cyber intelligence, situational awareness and incident response information, as well as white papers and reports detailing best practices for the industry,” the blog post stated.
The post Healthcare Cybersecurity Education Critical, Says AHA appeared first on HealthITSecurity.com.