HISCE logo3a

Introduction:
Over the course of a year-long process that began in early 2016, the COSHeatlh Innovation Group (comprised of a local group of 60+ strong Healthcare Professionals, Economic Development Organizations, and Business Development and Support Service Providers), met over the course of many months to chart a course in the development of a "Center of Excellence" for the development of a set of best practices and industry standards for Secure Health Care Information Sharing.
 
coshealthlogo1smThe collective conclusion of this year-long market research, technology assessment, and meetings with local healthcare providers, government agencies, military representatives, and local commercial businesses by representatives of the COSHealth team was to establish a "Center of Excellence for Health Care Cyber Security" in Colorado Springs with the following characteristics;
 
  • Build the foundation for community trust in and safety of health information
  • Bring money/ financing/ R+D funding into the community to build a secure health information ecosystem
  • Serve as a forum for community information exchange and feedback on health information security
  • Provide answers to questions from the community on health information security
  • ncclogosmEstablish the infrastructure (data, bandwidth) for information needed to support community-wide cyber security; support the ISAO already established here, and begin coordinating with and working closely with the National Cybersecurity Center that has been recently formed here in Colorado Springs.

Implementation and Execution Activities:

  • Provide the “go-to” knowledge base and platform for learning about health information security best practice
    • Promote training materials, e.g. Cybrary, ISACA, ISSA courses, MGMA Risk Framework
  • Ensure deployment of information security best practice throughout our community
    • Promote and facilitate implementation of the Open Group standards, TOGAF framework, ITIL and ITSM, and NAT1 standards across the community
    • Spread adoption of uniform standards, enhancing existing standards as needed
    • Create value-driven discussions between health information security professionals and cyber security experts

Including the Local Community:

  • Educate health care consumers and purchasers on health information security
  • Cover the entire community, remembering to include especially small practice/ behavioral health, senior care, skilled nursing facilities
  • Insure that underserved people are educated and their health information protected
  • Involve health care providers, payers and consumers
 
Formation of the Health Information Security Center of Excellence:  (HISCoE)
 As a result of the research completed, interviews with key healthcare providers in Colorado, and discussions with the NCC staff, as well as a concensus of local cyber security professionals the COSHealth team has formed the Health Informatin Security Center of Excellence. 
 
nccncxcombologosmThe new HISCoE targets unique partnerships with Healthcare Service Providers and Healthcare Industry Associations througout Colorado, (initially) with a goal to expand these relationships nationally.   In addition, we have developed a close working relationship with a number of CyberSecurity technology companies, training service providers, and CyberSecurity software experts in Colorado, and will be working closely with the team at the National CyberSecurity Center, and National Cyber Exchange, (NCC/NCX) that have recently announced their strategic partnership. 
 
We have created an 8-person Governing Board, and a 10-20 person Advisory Board to support the activites of the HISCoE, and have begin to develop a number of initial public facing events, discussion panels, and partnerships and alliances with a number of Colorado-based Healthcare Organizations, Industry Associations, Health IT Innovation Incubators, and Accelerators.
 

Why is the HISCoE Needed ?

  • The health care industry as a whole is being targeted by cyber threats at an increasingly alarming rate !
  • Once outpaced significantly in terms of breaches and malicious attacks by other sectors such as financial and retail, health care is no longer on the sidelines.
  • Bringing them front and center are five of the eight largest security breaches that have affected this industry in the last five years.

hcdatabreeches

According to IBM X-Force Interactive Security Incidents data from Jan. 1, 2015 to Oct. 31, 2015,
all five occurred in the first half of 2015, with almost 100,000,000 health care records compromised !

 

Healthcare Data Black Market

Healthcare data is highly valuable to hackers because they can sell it for a high price on the black market. And patient information that contains social security numbers is in especially high demand right now as it can be sold for upwards of $50 per record !

When compared to stolen credit card numbers, which only sell for about $1 each, the urgency to protect this data is obvious. Hackers stand to make a lot of money off of major breaches that expose millions of people’s data and the headlines indicate that the industry is losing this battle.

healthrecordssell

Criminals can also use medical records to fraudulently bill private insurers and Medicare. They can steal patients’ identities for free consultations or to get prescriptions they can ultimately sell. Unfortunately, it gets worse. The consequences of a data breach are disproportionately high for the healthcare industry.


For information about the work of the HISCoE, or to get on our mailing list, or to make contact with our Governing or Advisory Board Members, feel free to email us at: This email address is being protected from spambots. You need JavaScript enabled to view it. or sent us a contact inquiry using our online contact form here:  ConnectCore Contact.