Blended Threats Whitepaper

In this informative paper, created from the
H-ISAC Blended Threats Exercise Series final findings report,
you’ll learn:
- – Actionable information for health care delivery organizations (HDOs), medical device manufacturers (MDMs) and healthcare information technology vendors to prepare for, exercise, and respond to black swan events.
- – 8 Best Practices for Blended Threat Mitigation
- – 4 areas of improvement within the Healthcare sector from a Whole-of-Organization approach
- – 10 areas to benchmark improvements toward Preparedness
- – An InfoSec wishlist to build capabilities for Healthcare sector resilience
- – Healthcare sector identified areas of challenge open for discussion
Key Takeaways:
Whole-of-Organization Approach
– Cybersecurity programs should be looked at as an important component of the whole business.
Plan Now to Prepare for a Threat
– Browse the nine topics identified for Preparation and Practice to see where your organization is lacking and where to start planning a best response.
Cyber and Physical Security Connection
– The Best Practices section and the Areas for Sector Improvement sections identify processes for cyber and physical security personnel to work together, which departments should be connected and how to keep the chief levels informed during an incident.
Abstract
Sharable outcomes aggregated from the Health-ISAC Blended Threats exercise series provide actionable information for the H-ISAC community to discuss, exercise, prepare for, and respond to black swan events. The six workshops enabled participants to focus on enterprise risk management. Exercise discussions yielded shared success strategies, identified opportunities to enhance security postures, and addressed several challenges from the viewpoint of healthcare delivery organizations (HDOs), medical device manufacturers (MDMs) as well as healthcare information technology (IT) vendors. This paper shares valuable ideas and considerations for the H-ISAC community to adapt and further develop to increase security and preparedness in a complex and blended threat environment.
- Related Resources & News
- Health-ISAC whitepaper highlights cybersecurity responsibilities in medical device lifecycle, focuses on resilience
- Health-ISAC Hacking Healthcare 2-3-2025
- Exploring the Cybersecurity Roles of Manufacturers and Healthcare Organizations During the Medical Device Lifecycle
- Impacts of Proposed US Import Tariffs on the Global Health Sector
- NY Blood Center Attack Disrupts Suppliers in Several States
- 2025 Newsletter – February
- DeepSeek’s Security Risk Is A Critical Reminder For CIOs
- $6.4m to combat health sector cyber threat
- Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks
- EU Commission Calls for Health Sector ‘Cyber Action Plan’