The United States Senate recently passed the Cybersecurity Information Sharing Act, known as CISA. Under this Act, government agencies, corporations and organizations have to share information with each other to identify cybercriminals and gather cyberthreat information. Many companies and individuals have issues with a lack of clarity in the bill, along with privacy concerns as government agencies gain access to sensitive business data. Here are the top 10 things health IT experts need to know about CISA and its impact.
1. Under CISA, government agencies gain access to Electronic Health Records previously inaccessible to the government.
2. CISA ignores established company privacy policies.
3. Businesses that share data with the Department of Homeland Security gain legal immunity from litigation related to data collection efforts looking for cyberthreat indicators.
4. The exact data related to cybersecurity threats is not defined in this Act, which may put health information at risk.
5. While personally identifying information is supposed to be removed from any data shared through CISA, remaining in compliance with HIPAA regulations while sharing information may be difficult.
6. CISA only requires reasonable belief that personally identifying information is not contained in the data sent to government agencies, which opens up the possibility of personal information getting mixed in with cyberthreat indicators.
7. Healthcare providers can gain access to cyberthreat information previously available only through "pay-to-play" data sharing groups, which opens up data access for providers with lower budgets for threat intelligence.
8. CISA fails to define and limit how government agencies can use the data provided to them.
9. The Department of Homeland Security disseminates threat information to other agencies, including the National Security Agency, creating concerns of this Act facilitating unwarranted surveillance.
10. Due to a lack of clarity in the bill, patients could be reasonably concerned over the control and unintentional oversharing of data.
CISA is a controversial bill due to its vague language and compromised privacy, but the other problem is whether it is effective for its intended purpose. Threat intelligence sharing is not a new concept, but high-profile data breaches in the healthcare industry, such as the Blue Cross Blue Shield breach, make a case for strong threat management. eSecurity Planet reports 91 percent of healthcare organizations suffered from a data breach in the past two years, but detection speed is also an essential factor. If the organizations share data weeks or months after a breach, it may be of limited use.