Heather Kuldell | Nextgov | May 12, 2017 | 0 Comments

HHS’ Cyber Threat Center Comes Out of Beta Soon

Gil C/Shutterstock.com

The Health and Human Services Department’s nascent cybersecurity center will soon reach initial operating capability to help share threat information with a sector constantly under attack and often short of cyber personnel of its own.

Based on the Homeland Security Department's National Cybersecurity and Communications Integration Center, the Healthcare Cybersecurity Communications and Integration Center will share health-care specific threats information with other agencies and the private sector. The center expects to reach initial operating capability June 30, HHS officials told the CyberSecureGov audience in Washington on Thursday.

“Relatively speaking, we're the new kids on the block playing in the biggest and toughest neighborhood at the moment,” Leo Scanlon, HHS senior adviser for health care public health cybersecurity.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Scanlon painted a grim picture of the challenges health care organizations face: rising ransomware attacks on organizations of all sizes, the difficulty to secure medical equipment never intended to be connected to the internet, and valuable data without cybersecurity staff to protect it.

“How many mortuaries do you think have a cybersecurity officer protecting their systems?” Scanlon asked. “Guess what's in a funeral home? The entire life history of every single person whose body is passing through medical records—cause of death, time of death, place of death. Everything you need to create an identity.”

Only about 2 percent of the sector—the insurance and pharmaceutical companies—have the resources and the know how to protect their data and share information with each other.

“Below the 2 percent is 98 percent of the rest of the sector that has virtually no cybersecurity capability, often not even a CIO in a small- or medium-size medical practice,” Scanlon said.

One of the biggest challenges for HCCIC will be to drop the cyber jargon and share threat information in a way medical professionals understand how it impacts their businesses, said HCCIC Director of Operations Maggie Amato.

“My mother is a hospice nurse so she's the customer that’s always in my head,” Amato said. “So trying to explain cybersecurity to my mom is a little bit difficult. My example is that if I tell my mother we have a vulnerability, she’ll give me a tissue and tell me it’s OK to cry.”

The center plans to put out how-to or step-by-step guides and is exploring the idea of a 311-style line to help private-sector partners, she said. But that’s down the line.

While the center has been in “beta mode,” it’s been building more collaborative relationships with HHS’ many component agencies, like the Food and Drug Administration and the Centers for Medicare and Medicaid Services. The center’s also been getting best practices and lessons learned from NCCIC while also building partnerships with other health care-focused agencies, such as the Defense Health Agency and the Defense and Veterans Affairs departments.

“We really do want to get to a place where we are collaborating with each other and cooperating across the board; having dynamic threat sharing and not just automated indicators but how-to guides,” Amato said.


Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.