Monthly Newsletter – May 2020
May’s Newsletter features:
- Interview with H-ISAC’s CSO, Errol Weiss, on leveraging the H-ISAC Community during COVID-19
- PERCH Webinar
- Three Offerings of Healthcare Security Resources: Security Assessment Tools, Self Assessments, and Vulnerability Scanning
- Upcoming Events
Leveraging the H-ISAC Community
COVID-19 Response Spurs Security Offerings and Increased Member Sharing
A conversation with H-ISAC Chief Security Officer, Errol Weiss
What H-ISAC membership offerings have resulted to support COVID-19 response?
H-ISAC has been working with a number of partners to bring additional, high value services to the H-ISAC membership. I know how busy everyone is working in this “new normal” and that many of our members are also being approached by vendors with new and free offers. We’re carefully reviewing any services we bring to the H-ISAC membership, to be sure
those services are an effective mechanism to quickly help improve security for the
healthcare sector.
In terms of what we’ve done recently, we’ve announced new partnerships and offerings from RiskRecon and SecurityScorecard, a free subscription to Flashpoint’s intelligence services, intelligence reports from FireEye, RiskIQ, and LookingGlass, plus additional COVID-19 physical security and situational awareness reporting from our intelligence partner GRF.
We host a Friday afternoon member-only webinar to share IT and infosec challenges and experiences dealing with the COVID-19 pandemic response. A panel of experts from the healthcare sector discusses their experiences and takes Q&A from audience members.
H-ISAC captures these best practices and threats and shares with membership. Some topics include:
Has information sharing increased or decreased during this challenging time?
Information sharing has exploded during the pandemic response. Information security researchers and cyber threat intelligence professionals have banded together to help the healthcare sector deal with cyber threats like ransomware, phishing and malware. These volunteers were motivated into action after seeing hospitals and other healthcare providers still being targeted by ransomware during the pandemic response. H-ISAC is working closely with several of these volunteer groups, including the CTI League and the Cyber Threat Coalition to obtain Indicators of Compromise (IOCs) associated with new attacks and to learn about companies that may have been compromised The IOCs are shared automatically with H-ISAC members and victims are notified so they can take corrective actions.
What message would you like to get out to our membership today?
We’re all certainly operating in unprecedented times due to the pandemic response. I would remind everyone to leverage the community of H-ISAC. Your peers are a wonderful resource for learning about new attacks, threats and best practices. Get involved in the H-ISAC organization and I guarantee you’ll benefit by getting even more out of it than you put in.
WEBINAR— Threat Detection for the Rest of Us with Perch
H-ISAC and Perch have teamed up to provide a community threat platform just for H-ISAC members. Join this webinar to learn how you can have a first-class threat detection platform complete with SOC support for a fraction of the cost of leading solutions.
Save the date of May 28 at 11:00AM ET.
Registration details coming soon. Go to h-isac.org/perch for more information.
Three Offerings of Healthcare Security Resources:
Security Assessment Tools, Self Assessments, and Vulnerability Scanning
1. RiskRecon Assessment Tool
RiskRecon, a Mastercard company, is offering any healthcare organization free access to their assessment tool through the end of 2020. Firms that need help understanding the security of their digital footprint can use RiskRecon to quickly identify weaknesses and receive recommendations to mitigate those concerns. RiskRecon can also be used to assess the security of critical third-party suppliers.
2. SecurityScorecard Continuous Self-Assessments
SecurityScorecard recently partnered with H-ISAC to assist members with security needs. The SecurityScorecard offering also provides members the ability to perform continuous self-assessments of their environment and critical suppliers.
Both of these offerings can help members quickly assess the security of their external network environment. SecurityScorecard and RiskRecon have both made the enterprise-grade version of their products available for H-ISAC members — providing an effective method for organizations to identify security gaps in their network. Member organizations that have not implemented external perimeter scans of their network, can take advantage of these offers, especially during the pandemic response, in order to improve their security posture.
3. CyHy Vulnerability Scanning Service
Working with the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), H-ISAC members can take advantage of the Cyber Hygiene (CyHy) Vulnerability Scanning Service. CyHy provides for proactive identification of vulnerabilities that could be exploited by a malicious actor. There is no cost for the service and runs continuously with weekly reports and ad-hoc alerts as needed.
Fast Forward—A LOOK AT 3RD AND 4TH QUARTER EVENTS
H-ISAC GLOBAL EVENTS
H-ISAC SECURITY WORKSHOP…..September 16—Greenwood Village, Colorado; USA
H-ISAC CYBER THREAT INTEL TRAINING…..September 22-24—Titusville, Florida; USA
H-ISAC SECURITY WORKSHOP…..September 23&24—Forchheim; Germany
H-ISAC SECURITY WORKSHOP…..October 27—Mounds View, Minnesota; USA
H-ISAC SECURITY WORKSHOP…..October 29—Seattle, Washington; USA
H-ISAC FALL SUMMIT…..Nov 30 – Dec 4—Phoenix, Arizona; USA
ENGAGE WITH H-ISAC AT THESE PARTNERED EVENTS
HEALTHCARE CYBERSECURITY FORUM…..July 20—Denver, Colorado; USA
HEALTHCARE CYBERSECURITY FORUM…..September 9—Nashville, Tennessee; USA
ENISA TRUST SESRVICES FORUM and CA DAY 2020…..September 22&23— Schloßplatz Berlin, Germany
HEALTHCARE CYBERSECURITY FORUM…..September 22—Boston, Massachusetts; USA
THE MEDTECH CONFERENCE…..October 5-7 – Toronto, Canada
HEALTHCARE CYBERSECURITY FORUM…..October 8—Houston, Texas; USA
NCHICA AMC SECURITY & PRIVACY CONFERENCE…October 21&22—Durham, North Carolina; USA
CYSEC 2020 new dates!…October 27&28—Dubrovnik; Croatia
HEALTHCARE CYBERSECURITY FORUM…October 28 – Seattle, Washington; USA
HEALTHCARE CYBERSECURITY FORUM…November 12—Los Angeles, California; USA
- Related Resources & News
- Leveraging ISO 81001-5-1 Amid Medical Device Procurement
- Mitigating risk as healthcare supply chain attacks prevail
- Enhancing Cybersecurity in Rural Hospitals
- Health-ISAC Hacking Healthcare 11-15-2024
- Cyber Incident Response: Playbook for Medical Product Makers
- Feds Warn of Godzilla Webshell Threats to Health Sector
- Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
- Health-ISAC Hacking Healthcare 11-7-2024
- Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks
- All hospitals should be concerned about cyberattacks. Here’s why