The project focuses on gaps in collection and use of indicators of compromise.
A new pilot evaluating ways to improve collection and sharing of cyber threat indicators of compromise, or IOCs, suggests healthcare organizations can dramatically increase the volume, timeliness and usefulness of IOCs contributed to HITRUST by implementing enhanced criteria developed by the security collaborative.
For the first time, 100 percent of the enhanced IOC collection pilot group members submitted IOCs during the 30-day period, according to HITRUST. That improvement proved even more significant, officials say, given that during the same 30-day timeframe, 88 percent of the IOCs had not previously been seen or identified by any open source.
Healthcare organizations can better prepare for – and respond faster to – new and emerging cyber threats when improved information sharing plays a bigger role in their cyber defense strategies, according to HITRUST.
"When cyber threat information is timely, consumable, actionable and available to a much larger audience, it becomes a much more valuable resource in defending our environment and the entire healthcare eco-system against attacks," said Omar, Khawaja, vice president and chief information security at Highmark, a member of HITRUST's executive council.
The pilot also shows that threat information sharing does not need to be limited to the largest organizations, and the scalable sharing of IOCs can be achieved throughout healthcare organizations of varying size, intelligence appetite and security maturity, according to HITRUST.
With ransomware and other malware setting sights on healthcare, these pilot developments are significant, officials say, helping ensure collection and consumption of more relevant and timely IOCs that can be more widely used by the healthcare industry.
"Innovating and ensuring IOC sharing is providing the most value to the broadest group of constituents to help the healthcare industry reduce overall cyber risk," said HITRUST CEO Daniel Nutkis, in a statement.