The Department of Health and Human Services (HHS) is planning to create its own version of a National Cybersecurity and Communications Integration Center (NCCIC) that is modeled after the Department of Homeland Security’s (DHS’s) NCCIC. More details are forthcoming, but plans are to have the HHS communications and collaboration center initially operational by the end of June 2017. The Center is expected to collect cybersecurity threat information from healthcare community partners and share that information as well as best practices for mitigating future security concerns with the entire healthcare enterprise.
As background, it’s helpful to look at the mission of the DHS NCCIC—which focuses on sharing cybersecurity information among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations. The services that the DHS NCCIC provides are available at no cost; cyber and industrial control systems users are able to subscribe to applicable information products, feeds, and services.
How the new HHS effort will interact with the work of the National Health Information Sharing and Analysis Center (NH-ISAC) is an open question. On October 4, 2016, HHS awarded cooperative agreements totaling $350,000 to strengthen the ability of health care and public health sector partners to respond to cybersecurity threats. These agreements are intended to help foster the development of a more vibrant cyber information sharing ecosystem within the healthcare and public health sector.
The Office of the National Coordinator for Health Information Technology (ONC) awarded a cooperative agreement to the NH-ISAC to provide cybersecurity information and education on cyber threats to healthcare sector stakeholders. HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) also awarded a cooperative agreement to NH-ISAC to help build the infrastructure necessary to disseminate cyber threat information securely to healthcare partners.