Regulators have released final procedures for how the government handles cybersecurity information shared by companies, but health-care organizations are already embracing data-sharing communities as a way to better prepare for cyberthreats.
The Department of Homeland Security and the Department of Justice also released instructive guidance to companies that wish to gain liability protection if they share cybersecurity threat information with the government (81 Fed. Reg. 39,061, 6/15/16) (RIN:2016–134742). The documents outline the protections private companies can obtain under the Cybersecurity Information Sharing Act (CISA), passed in 2015.
While the health-care industry welcomed the guidance, many hospitals and payer organizations over the past year have used both informal programs and federal data-sharing organizations to share cyberthreat information, Lee Kim, director of privacy and security for the Healthcare Information and Management Systems Society, told Bloomberg BNA.