Jump to Content
Security & Identity

Health-ISAC and Google Cloud partner to build more resilient healthcare, one threat indicator at a time

February 9, 2023
https://storage.googleapis.com/gweb-cloudblog-publish/images/GCAT_2023.max-2500x2500.jpg
Taylor Lehmann

Director, Office of the CISO, Google Cloud

Adam Licata

Product Manager, Google Cloud

Try Google Cloud

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Free trial

Google Cloud is committed to helping healthcare and life sciences organizations defend themselves from threats that disrupt their ability to care for patients. The pandemic showed how vulnerable this industry is to attacks, and the real-life impacts that shutting down hospital systems and affecting drug makers can have on patients and families.

In July 2022, we announced our agreement to join Health Information Sharing and Analysis Center (Health-ISAC) as an Ambassador partner and bring Google’s cybersecurity resources to help this community of more than 750 global organizations fight back.  

Today, we’re announcing the general availability of our next investment in this community.  Working with the Health-ISAC Threat Operations Center, Google Cloud security engineers developed an open sourced integration that connects the Health-ISAC Indicator Threat Sharing (HITS) feed directly with Google Cloud’s Chronicle Security Operations information and event management. HITS allows Health-ISAC members to easily connect and quickly share cyber threat intelligence through machine-to-machine automation.

The HITS integration with Chronicle can help Health-ISAC members discover threats more rapidly, and can also assist in evicting malicious actors from their infrastructure. This crowd-sourced approach means that any member organization that detects a threat can share that threat indicator automatically with others, which informs other members to investigate and update their defenses as needed. (Threat indicators are forensic artifacts of a present or past threat. They appear most often as suspicious files, URLs, email addresses, network addresses, sampled traffic, and activity logs.) 

“The integration of Health-ISAC’s threat feed with Chronicle Security Operations is exciting to see,” said Errol Weiss, Health-ISAC’s chief security officer. “Our members can now ingest Health-ISAC’s Signature Threat Feed of member-to-member shared threat indicators into Chronicle, and use that information to help automation and threat analyst decisions when protecting critical network infrastructure.”

To take advantage of this threat intelligence integration, Chronicle customers can follow these setup instructions for STIX/TAXII feeds using the scripts on GitHub. For more information, please reach out to us on the Google Cybersecurity Action Team.

At Google Cloud, we operate under a shared fate approach – where it is our responsibility as the cloud provider to be active partners as our customers deploy securely on our platform. Providing capabilities that allow organizations to extend their previous investments to protect their most critical assets on Google Cloud is yet another example of how we are leaning in with our customers to help them be more secure. In 2023, we will continue expanding our partnerships and working closely with industry partners like Health-ISAC to help our global health sector continue building an increasingly more resilient healthcare ecosystem.

Posted in