A Governance Model for Cyber Threat Information Sharing in the Healthcare Sector
DOI: https://doi.org/10.34190/iccws.21.1.4400

Keywords:
Cyber threat intelligence, Healthcare cybersecurity, ECHO Early Warning System, Interoperability, Design science

Abstract
Cyber Threat Information (CTI) sharing is a vital component of cybersecurity in the healthcare sector, where protecting sensitive patient data and the continuity of critical services are paramount. Its implementation faces socio-technical complexity and strict EU requirements, including the General Data Protection Regulation (GDPR), the Network and Information Security Directive 2 (NIS2), the Cyber Resilience Act (CRA), and the AI Act. This paper applies the Design Science Research (DSR) methodology to develop a governance model that enables secure, compliant, and context-aware CTI sharing. The model integrates systems theory, socio-technical principles, information systems governance, and cyber resilience. It is informed by empirical studies and practical insights from SOC/CERT frameworks. It leverages the DYNAMO platform and tools such as the Early Warning System (EWS), the open-source software solution MISP, and the Data Anonymisation Tool (DAT) to support structured, interoperable, and regulation-compliant threat intelligence exchange. A phased implementation strategy is outlined, beginning with pilot testing in hospitals, then regional integration with CERTs, culminating in national deployment. Evaluation is conducted using realistic assessment and case analysis, with metrics guiding iterative refinement. The model addresses the research question: How can a governance model for cyber threat information sharing be designed for the healthcare sector under EU regulatory constraints? This work contributes a scalable, adaptable governance framework that enhances cyber resilience and fosters trust-based collaboration across healthcare ecosystems.
License
Copyright (c) 2026 Jyri Rajamäki, Ilkka Tikanmäki

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.