DHS Revives Health Sector Threat-Sharing Without Key Legal Protections

The U.S. The rebooted information-sharing framework, which replaces a platform discontinued in 2025, aims to facilitate the rapid exchange of cyberattack data between the federal government and private entities. However, the absence of liability shielding has prompted immediate questions from the sector's ISAC regarding the efficacy of the program.

For health system leaders, the ability to share sensitive data about network vulnerabilities and active threat actors is vital to safeguarding patient records and medical devices. The previous iteration of federal threat-sharing, which was lost in 2025, provided a degree of legal comfort that encouraged organizations to report incidents. The goal remains to bridge the gap between private-sector visibility and government defensive resources. Yet, the current lack of an explicit legal “safe harbor” in the new channel has created a point of friction between federal policy and the operational realities of hospital IT departments.

The Evolution of Federal Threat-Sharing

The transition from the 2025-era platform to the current system marks a shift in how the federal government expects private infrastructure operators to interact with intelligence agencies. Industry leaders argue that the current implementation of the new DHS channel fails to replicate the specific, reliable protections that CISOs relied upon to justify the risks of data disclosure.

The health sector has historically been a high-volume contributor to national threat intelligence. By sharing data on ransomware campaigns and phishing attempts, these organizations provide a “herd immunity” effect that benefits hospitals across the country. The current concern among these stakeholders is that without clear, reinforced legal protections, the incentive to participate in a voluntary federal program is diminished, potentially creating blind spots in the national cybersecurity posture.

Why Liability Protections Matter to Healthcare

For a hospital or a large health system, the decision to share data about a security breach is fraught with legal complexity. HIPAA requirements, combined with the potential for class-action lawsuits following a public data disclosure, create a risk-averse environment. The legal shield that industry leaders are calling for would ideally provide immunity from civil lawsuits or regulatory enforcement actions that could arise solely because an organization disclosed an indicator of compromise (IOC) to the federal government.

Without these protections, cybersecurity leaders face a “chilling effect.” When an organization reports a threat, it must ensure that the act of reporting does not inadvertently reveal a failure to maintain security standards or provide a roadmap for plaintiff attorneys to initiate litigation. The Department of Health and Human Services (HHS) has previously issued guidance on how cybersecurity sharing can comply with HIPAA, but the industry is looking for broader statutory assurances that go beyond agency-level interpretation.

What Happens Next for Infrastructure Security

The dialogue between the DHS and critical infrastructure sectors is expected to continue through upcoming advisory board meetings and industry working groups. While the new channel is operational, the pressure on lawmakers to clarify liability protections remains high. Sector-specific ISACs have indicated they will continue to press for a more formal framework that aligns with the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which mandates reporting for certain entities but remains distinct from the voluntary intelligence-sharing programs that hospitals rely on for proactive defense.

For now, IT leaders are advised to maintain their internal documentation protocols and consult with legal counsel before participating in the new channel. The uncertainty regarding liability does not prevent participation, but it does alter the risk-benefit analysis for many health systems. As the government continues to refine these information-sharing platforms, stakeholders are encouraged to monitor official updates from the CISA website for any changes to the terms of service or new guidance regarding legal protections.

We will continue to track developments as they emerge from future congressional hearings and agency policy updates. Readers are invited to share their perspectives on the current state of threat-sharing in the comments section below.