Monthly Newsletter – April 2020
April’s Newsletter features:
- H-ISAC Members Collaborate for COVID-19 Response
- Opportune Healthcare Resources
- Working Group Spotlight: Cybersecurity Awareness & Training Working Group
- We cannot meet in person at this year’s Spring Summit; however, information sharing between members is going strong on many platforms.
- Upcoming Events
Full newsletter pdf
Text version of article highlights:
SPRING SUMMIT CANCELLED
Our Spring Summit has been cancelled due to precautions related to COVID-19; however, member information sharing is rising to the occasion. We look forward to connecting everyone in person at future Summits.
H-ISAC Members Collaborate for COVID-19 Response
While a crisis situation often brings out people looking to further exploit humanity, such as increased cyberattacks targeting the strained health sector during the COVID-19 response, it also brings out the heroes. Today, we witness the efforts of our heroes from information security professionals – including H-ISAC members. These champions are rising to volunteer their time after work to search for healthcare organizations vulnerable to cyberattack. The H-ISAC Threat Operations Center (TOC) has been serving as a hub to take victim reports from these volunteers and share it directly to the organizations impacted. These organizations, regardless of whether they are H-ISAC members, receive best practices to mitigate the vulnerabilities. To date, this group has provided helpful threat data to at least 50 hospitals. “In times like this, we want organizations to focus on securing their own environments,”1 says H-ISAC CSO Errol Weiss.
With multiple secure communication and sharing platforms already in place, H-ISAC members have responded quickly and collaboratively during the recent onslaught of extraordinary circumstances imposed on healthcare systems worldwide.
Tackling the challenge of setting up Work from Home (WFH) procedures in a matter of days – rather than months – member chat platforms and member webinars are buzzing with questions and best practices supporting remote staff workarounds. Organizations with
established telehealth and WFH standards of procedure are sharing what’s working in their organizations.
1 https://www.cyberscoop.com/covid-19-cybersecurity-volunteer-groups-h-isac/
Opportune Healthcare Resources
Information Sharing Best Practices
The recently published Information Sharing Best Practices whitepaper is an editable guide to quickly incorporate cyber threat sharing. This document was developed in partnership between H-ISAC and the Healthcare and Public Health Sector Coordinating Council (HSCC).
Access the Information sharing paper here
https://h-isac.org/h-isac-information-sharing-best-practices/.
Teleworking Checklist
The Healthcare and Public Health Sector Coordinating Council (HSCC) released Management Checklist for Teleworking Surge. These recommendations for healthcare organizations to manage teleworking strategies during the COVID-19 response.
Access Teleworking paper here
https://h-isac.org/management-checklist-for-teleworking-surge/
WORKING GROUP UPDATE: Cybersecurity Awareness and Training Working Group
The Cybersecurity Awareness and Training Working Group is a confidential forum of Cybersecurity leaders and professionals from
H-ISAC member organizations focused on the education, development and knowledge-sharing of Cybersecurity awareness and training materials and best practices.
This group looks to educate members on cybersecurity awareness and training program objectives, capabilities, and implementation approaches including assessments of vendor capabilities and publicly available industry standard content and materials.
Additionally, this group is working to develop a mechanism where members can share ideas and tangible assets that can be leveraged by our H-ISAC member community including training curriculums, policies and standards, infographics, metrics and campaign frameworks such as phishing campaigns and social engineering exercises.
If you are interested in joining this group (or have someone from your organization who wants to join this group), please send an email to contact@h-isac.org.
- Related Resources & News
- Leveraging ISO 81001-5-1 Amid Medical Device Procurement
- Mitigating risk as healthcare supply chain attacks prevail
- Enhancing Cybersecurity in Rural Hospitals
- Health-ISAC Hacking Healthcare 11-15-2024
- Cyber Incident Response: Playbook for Medical Product Makers
- Feds Warn of Godzilla Webshell Threats to Health Sector
- Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
- Health-ISAC Hacking Healthcare 11-7-2024
- Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks
- All hospitals should be concerned about cyberattacks. Here’s why