At the HIMSS Healthcare Security Forum Monday morning, Greg Singleton, director of the Health Sector Cybersecurity Coordination Center at the U.S. Department of Health and Human Services, explained how HC3 sees the current threat landscape – and defined how HHS can help the private sector handle myriad cyber risks.
Singleton acknowledged that some people in the audience might be wondering what the federal government is doing at an event like this one.
But Singleton had a bit of regulatory language handy, U.S. Code 6 U.S.C. subsection 1501(3), which reads “any non-federal group that shares cyber threat indicators with an appropriate federal entity is considered voluntary data sharing.”
That shared information can’t be further shared for specific regulatory purposes, he explained – that means that HC3 wouldn’t report any vulnerability information shared with it by a private-sector health system to the Office of Civil Rights.
HC3 depends on robust threat intelligence sharing as it works on “constructing a bi-directional network of non-public sector entities for continuous sharing and refinement of data,” he stated.
It works towards this aim, Singleton stated, by pursuing trust-building, engagement, and strong defense. In 2019, it has published a spate of white papers and intelligence briefs on telehealth cybersecurity, AI threats, the dark web PHI market, supply chain threat administration, and more.
Singleton compared it with a “neighborhood watch” tasked with keeping an eye out for the data security and technological integrity of a healthcare industry that accounts for 18% of U.S. GDP.
In still another instance, an associate organization noticed an entity’s master login credentials being sold on the dark web and reached out to HHS to notify them.