H-ISAC White Paper – “It’s not who’s first…it’s who puts the industry first”
“It’s Not Who’s First…
It’s Who Puts The Industry First“
By:
H-ISAC Threat Intelligence Committee
Jim Routh, CSO Aetna Global Security
H-ISAC – “The healthcare industry has been hit with two significant and subsequent cyber challenges in recent weeks (WannaCry and Petya) both of which caused business impact for several organizations and in both cases the damage was largely mitigated across the industry. This information is widely known; what is not widely known is what the role of information sharing was between private industry and the public sector specifically between the H-ISAC Threat Intelligence Committee members (TIC) and the HHS Healthcare Cybersecurity Communications and Integration Center (HCCIC). In times of cyber crisis it is imperative for all enterprises to understand what the indicators of compromise (IOCs) are, how the malware works and spreads, and ultimately what controls are effective. These three steps appear to be simple but can be illusive without the right access to cyber communities that share resources and analysis. The HCCIC supported the emergency response team in the HHS Secretary’s Operations Center (SOC) throughout both the WannaCry and Petya incidents. The HCCIC is how HHS carries out its cybersecurity responsibilities as directed in Presidential Policy Directive 41 and the National Cyber Incident Response Plan from the US Computer Emergency Readiness Team or US-CERT. The H-ISAC is the primary interface from the private sector for the HCCIC to share information and respond in times of business resiliency crisis.”