US agencies to release cyberthreat information faster to the health-care industry

Representatives of the FBI and DHS say they're looking at ways to get more information into the hands of health-care providers

U.S government agencies will work to release cyberthreat information faster to the health-care industry after a massive breach at hospital operator Community Health Systems, representatives of two agencies said.

While the FBI issued an alert about the Community Health Systems breach one day after it was announced, government agencies can still do more to warn health-care providers about ongoing threats, said Michael Rosanova, a supervisory special agency at the FBI.

It can be "frustrating" for health-care providers to get threat information from government agencies, Rosanova said during a briefing hosted Thursday by the Health Information Trust Alliance (HITRUST), a health-care cybersecurity vendor.

If cyberthreat information is classified by the government, the FBI and other agencies have to take additional steps before sharing the information, he said. "It's not that easy, unfortunately, to take something with a fairly high security classification ... and get that in a useable context to people that need it," Rosanova said.

In the Community Health Systems breach, "we did make every effort to get the industry the information that was being requested," he added. "We did do the best that we could."

The FBI and other agencies can do a better job of informing health-care providers about cyberthreats that are "about to break," Rosanova said. The FBI wants to be more proactive with warnings, but in some cases, it won't be able to share as much information as health-care providers would like because of national security issues, he said.

U.S. agencies are already looking for ways to learn from the Community Health Systems breach and concerns about the speed of information sharing, added Danell Castro, program manager at the Critical Infrastructure Information Sharing and Collaboration Program at the U.S. Department of Homeland Security.

Information sharing has come a long way, she said, but still can be improved. Vetting information takes time, but DHS is looking at ways to speed up the process, she said.

While Rosanova talking about health-care providers sometimes needing security clearances to get threat information, those clearance aren't the "secret sauce," Castro said. Instead, participating in a collaborative environment, such as HITRUST's monthly threat briefing, will help drive forward more information sharing, she said.

"The more collaboration you do like this, the better off you will be," he said.

The Community Health Systems breach was tied to the Heartbleed bug, a known vulnerability, with the breach happening earlier this year, when Heartbleed was at its peak, noted Roy Mellinger. vice president and CISO of health-care provider WellPoint.

The news of the breach raised many questions from WellPoint executives, Mellinger said.

The health-care industry's cybersecurity efforts took some criticism following the announcement of the breach, but the industry has "come a long way in the last two or three years," Mellinger said. Still, cybersecurity "practices across the entire industry are not as sufficiently robust as we would all like," he added.

Mellinger called on U.S. agencies to communicate more quickly about threat information. In some cases, even advisories saying, "stay the course, this [threat] is nothing new" would calm executives and shareholders, he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags U.S. Department of Homeland SecurityDanell Castrogovernmentindustry verticalsExploits / vulnerabilitiesfbidata protectionRoy MellingerHealth Information Trust AllianceWellPointMichael Rosanovasecurityhealth careCommunity Health Systems

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Deals on Good Gear Guide

Deals on Good Gear Guide

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.


Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?