Health-ISAC President Denise Anderson Discusses Evolving Cyberthreats and Risks
Marianne Kolbasuk McGee (HealthInfoSec) • March 4, 2025 – 12 Minutes
Listen to the interview here. Click Here
A few examples of how Health-ISAC helps the health sector
Last year, we sent nearly 900 target alerts. These are alerts where we actually see information about a specific company that is facing a specific threat. We contact that organization – whether a Member or not – and give them some mitigation advice.
We have channels where members can communicate with each other on a continual basis. They can share what they’re seeing in their environment and what they’re hearing about from others and come up with best practices for dealing with those threats.
A New Concern
A lot of organizations think it won’t happen to them, but smaller organizations are getting hit. We’re seeing clinics and smaller hospitals being hit left and right because the attackers can do it. The smaller organizations don’t have the staff in place to help protect them. People need to know that ransomware attacks are happening to small clinics like orthopedic clinics, dermatologists, cardiac clinics and such. I don’t think they are aware and we need to help them. We want to reach these clinics and get the message out that they need to be watching their cyberspace posture and be investing in it.
The CEOs have to invest. It’s easier to invest in cybersecurity upfront than to have an attack later and spend millions of dollars to fix it. It’s often not until these clinics and organizations are hit that they realize they should invest in cybersecurity up front. That’s a hard lesson to learn. We are getting the messaging out there that if you have an extra dollar to spend on cybersecurity vs. equipment, in the end, if you can’t deliver patient care because you’ve had a ransomware attack, then what is the use of some new gadget that treats a patient? Making sure that patients can get care is of utmost importance.
ISACs Supporting Industry for Over 20 Years
With the current panic of the changing administration, it’s important to remember that ISACs have been around for over 20 years. In the absence of government during administration changes every four years, industry can rely on ISACs. People need to know they can turn to their sector’s ISAC if they need help.
