SOLUTIONS Health Threat Intelligence Sharing Platform

We have experienced an increase in cyberattacks during COVID-19 and with the rapid digital transformation of healthcare it is natural the cybersecurity risks will increase and may affect healthcare organisations.

Building and using a health threat intelligence platform allows us to manage cyberthreat indicators (IPs, URLs, etc) related to NZ health organisations and beyond, consume feeds automatically and share it with the community.

Health Threat Intelligence Sharing Platform concept

Rationale

We have experienced an increase in cyberattacks during COVID-19 and with the rapid digital transformation of healthcare it is natural the cybersecurity risks will increase and may affect healthcare organisations.

We looked at ways to reduce the incident rates, response times, false-positives and to collaborate with other organisations experiencing the same challenges.

Building and using a health threat intelligence platform allows us to manage cyberthreat indicators (IPs, URLs, etc) related to NZ health organisations and beyond, consume feeds automatically and share it with the community.

The obvious choice was to use the open Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform).

Sharing is caring, so we hope you will join us!

Screenshot of Health Threat Intelligence Sharing Platform

Who is in scope

  • Any NZ health organisation or related third-party interested in current cybersecurity threats
  • IT service providers and security professionals protecting NZ health organisations
  • Other organisations wanting to share, collaborate and automate threat intelligence for the benefit of NZ healthcare

How to join

Register with your corporate email address when registering or if not practical, specify your home email.

We review and validate requests regularly, if you do not get access immediately, please contact us at: [email protected]

Access to the platform is granted based on trust and the service is provided “as is”. The information default classification is TLP:AMBER unless otherwise stated and should be treated in confidence.

What you will get

  • Access to public (TLP: WHITE) and private (TLP: AMBER) threat feeds and indicators
  • Feeds and indicators related to COVID19 and NZ health specific incidents (as detected by us or our partners)
  • Access to the platform REST API (JSON, CSV) for integration with other security products (SIEM, blocklists, etc)

How you can contribute

We are looking for contributors, volunteers (organisation management, IOC analysis) and sponsors for long-term sustainability options.

Currently the service is free and open to all contributors. For organisations that only consume the service, we may request a donation in the future to ensure fair resource consumption and sustainability.

Training

Here are a few resources to get you started:

We are happy to provide training, integration and additional services on request.