HITRUST Advances the State of Cyber Threat Information Sharing for the Nation’s Healthcare Sector
<< All Press Releases

Date: September 28, 2016

First Healthcare Information Sharing Organization to Contribute to DHS’s Automated Indicator Sharing Program

Frisco, Texas – September 28, 2016: The Health Information Trust Alliance (HITRUST), the leading organization supporting the healthcare industry in advancing the state of information protection, has become the first healthcare information sharing organization connected and sharing cyber threat indicators with the Department of Homeland Security’s (DHS) Automated Indicator Sharing (AIS) Program.

The HITRUST Cyber Threat XChange (CTX), the health industry’s Information Sharing and Analysis Organization (ISAO), is now fully integrated with AIS and supports bi-directional cyber threat indicator exchange with AIS to aid organizations in reducing their cyber risk. Given the recent rise in cyber threats targeting the healthcare industry, HITRUST believes bi-directional integration into the AIS program will ensure that relevant and timely cyber threat information (CTI) from HITRUST and government are available – ultimately bolstering the overall cyber posture of all of the nation’s critical infrastructure.

DHS AIS capability enables the exchange of cyber threat indicators between the federal government and the private sector at machine speed. AIS is a part of DHS’s effort to create an ecosystem where, as soon as an organization or federal agency observes an attempted compromise, the CTI will be shared in real time through AIS to more effectively protect organizations from that particular threat.

HITRUST has already been sharing CTI in near real-time through the HITRUST CTX with organizations in the healthcare sector as well as other industries. HITRUST CTX enables seamless and near real-time CTI exchange through its support for STIX, TAXII, SIEM integration and a robust API.

HITRUST CTX continues to improve in the number of unique indicators of compromise (IOCs) it shared across healthcare organizations each month – going from 186 unique IOCs during September 2015 to 5,158 during September 2016. In addition, a recent review found HITRUST’s Enhanced IOC Collection Program is capturing many IOCs before any other public or commercial source, with more than 50% of the overlapping IOCs seen by HITRUST first, and many more being seen solely by HITRUST.

Results from a HITRUST Enhanced IOC Collection Program indicate that healthcare organizations can dramatically improve the timeliness, completeness, usability and volume of IOCs and other CTI contributed to the HITRUST CTX by implementing the enhanced criteria (as defined in “Health Industry Cyber Threat Information Sharing and Analysis Report”). HITRUST has been expanding its Enhanced IOC Collection program with an increased number of participating organizations.

In addition, HITRUST has recently announced the CyberAid program, which identifies effective security solutions for smaller healthcare organizations, making it possible for them to contribute CTI to the HITRUST CTX in near real-time for the first time. This development expands HITRUST’s CTI collection network and the effectiveness of the HITRUST CTX in supporting healthcare and other industries in cyber risk mitigation.

HITRUST continues to refine the role of an ISAO and enhance and expand its programs around CTI sharing, cyber preparedness, response and education, with enhancements to the HITRUST CTX, Cyber Monthly Threat Briefings, CyberRX and HITRUST CyberAid. HITRUST continues to make these programs available free of charge to healthcare organizations.

“The AIS integration shows that HITRUST continues to evolve, improve, and lead by example by innovating and ensuring cyber threat information sharing is providing the most value to the broadest group of constituents while reducing overall cyber risk,” said Daniel Nutkis, CEO, HITRUST. “In addition to helping CTX participants overcome technical challenges, we wanted to educate them on the value of AIS and assure them that any information shared is anonymized in order to reduce liability concerns, while affording them the liability protection provided under the Cybersecurity Information Sharing Act.”

About HITRUST Cyber Threat XChange

The HITRUST Cyber Threat XChange (CTX), powered by Anomali, was created to significantly accelerate the detection and response to cyber threats targeted at the healthcare industry. HITRUST CTX automates the process of collecting and analyzing cyber threats and distributing actionable indicators in electronically consumable formats that organizations of varying sizes and cyber security maturity can utilize to improve their cyber defenses. Acting as an advanced cyber threat early warning system, HITRUST CTX is offered free of charge to the public and has gained wide acceptance.


Founded in 2007, the Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST – in collaboration with public and private healthcare technology, privacy and information security leaders – has championed programs instrumental in safeguarding health information systems and exchanges while ensuring consumer confidence in their use.

HITRUST programs include the establishment of a common risk and compliance management framework (CSF); an assessment and assurance methodology; educational and career development; advocacy and awareness; and a federally recognized cyber ISAO and supporting initiatives. Over 84 percent of hospitals and health plans, as well as many other healthcare organizations and business associates, use the CSF, making it the most widely adopted security framework in the industry. For more information, visit https://www.HITRUSTalliance.net.

Chat Now

This is where you can start a live chat with a member of our team