From March to November 2024, Health-ISAC held ten workshops as part of the Discussion Based Exercise Series, involving over 100 member organizations, potential members, and strategic partners. Each three-hour exercise focused on a ransomware scenario, with participants discussing updates and sharing best practices, experiences, and recommendations. The exercises aimed to explore opportunities for enhancing security and resilience in the health sector. Variations in the scenarios and discussions catered to the diverse participants, encouraging active engagement. Observations from these exercises have been compiled into the following categories to guide continuous improvement in cybersecurity and preparedness, ultimately fostering greater resilience in the health sector.
Employee Training and Awareness
Credential and Network Vulnerability Mitigation
Attack Vectors and Mitigation Strategies
Ransom Payment
Intelligence and Outreach
Scope of Breach
Legal and Public Affairs
Release of ePHI Data
Public Confidence
Chain of Custody
Law Enforcement
Strategies for Resiliency
This report provides a brief summary of the full 2024 Health-ISAC Discussion Based Exercise Series After-Action Report (AAR) that Health-ISAC members received on February 6, 2025. Health-ISAC members can retrieve the full report in the Health-ISAC Threat Intelligence Portal (HTIP).
