HHS taps healthcare provider for national cyber information-sharing effort

HHS taps healthcare provider for national cyber information-sharing effort

HHS taps healthcare provider for national cyber information-sharing effort

October 07, 2015 |

Christopher J Castelli

The Department of Health and Human Services has awarded a one-year, $150,000 planning grant to a public healthcare provider in Texas to improve the sharing of cyber-threat information in the healthcare and public health sector.

The grant was awarded last week to the Harris County Hospital District, which is located in and around Houston, TX, HHS official Steve Curren told Inside Cybersecurity in a statement. The healthcare provider rebranded itself Harris Health System in 2012 but still uses its original name in contracts.

“Through this grant, Harris County Hospital District will identify the cybersecurity information needs and gaps of hospitals and other healthcare organizations across the country,” said Curren, director of the critical infrastructure protection program in HHS’ office of the assistant secretary for preparedness and response.

The grant recipient “also will propose a strategy for enhancing the sharing of cybersecurity information among the federal government and private sector partners in order to better protect the critical cyber infrastructure of the nation’s health care system,” he said.

“This planning grant represents a preliminary step toward future activities that HHS may undertake to work with and support information sharing and analysis organizations focused on the health care and public health sector,” Curren added.

Jeffrey Vinson, vice president and chief information security officer for Harris Health System, said the entity is one of the largest healthcare institutions in the country. Harris Health System is at the “tip of the spear” in terms of cybersecurity, he said, noting the cyber-threat intelligence it receives and sees can be leveraged across the healthcare community.

The HHS grant funding is now available, Vinson said. The kickoff meeting with HHS is expected to happen on Oct. 29 or 30, he said.

The HHS grant opportunity notice published in July said the agency would award a total of $150,000 to one or two bidders – ultimately the agency settled on a single winner – to support the creation of an information sharing and analysis organization, or ISAO, for the sector, consistent with the cybersecurity information-sharing executive order that President Obama signed in February. The notice said the start date for the project would be Sept. 29.

The initiative “fills a gap by providing resources to enable cybersecurity information sharing by one or more ISAOs and to broaden access to and dissemination of that information across the sector,” HHS wrote in the grant-opportunity notice.

In answers to questions from industry posted in August, HHS wrote, “The planning grant is for the eventual creation and/or sustainment of an ISAO.”

Industry stood up an information sharing and analysis center (ISAC) for the healthcare and public health sector in 2010. Its membership includes healthcare providers, pharmaceutical companies, laboratories, health insurers and other entities, according to the center’s website.

Asked whether the HHS funding opportunity was designed with a sector-based ISAC in mind, the agency wrote in August that ISACs were one type of ISAO and that any type of ISAO could apply.

“Applicants are expected to be ISAOs themselves rather than organizations that only work with an ISAO,” the department wrote.

“While there is currently no standard process for recognizing or accrediting ISAOs, applicants will be assessed in part on their current organizational capacity and technical expertise related to cybersecurity information sharing and analysis,” HHS added.

The Department of Homeland Security recently selected a team led by the University of Texas at San Antonio to craft standards for ISAOs. The other members of the team are the Logistics Management Institute (LMI) and the Retail Cyber Intelligence Sharing Center (R-CISC). – Christopher J. Castelli (ccastelli@iwpnews.com)

Follow and like us!
Back to top