Working Groups, Committees & Councils
Working Groups
All Health-ISAC Members are welcome to participate in the Health-ISAC Working Groups. Members interested in exploring or joining a Working Group may access Groups through the Member Portal by logging in and navigating to “My Groups.” Members interested in forming a new Working Group may contact Member Engagement through the Member Portal or email us at
Artificial Intelligence Working Group
The Artificial Intelligence Working Group aims to provide a forum for Health-ISAC members to grapple with the rapid development and deployment of AI and other machine learning applications. To that end, the group will focus on three goals. First, it will enhance members’ understanding of emerging AI/ML systems and how to leverage them effectively. Second, it will share best practices and lessons learned to help members mitigate the risk posed by deploying AI systems. Finally, it will share information about threats to and by AI/ML systems.
Azure Sentinel Working Group
The purpose of this group is to provide a venue for Microsoft Sentinel-enabled Health-ISAC members to share experiences and information as well as enhance the effectiveness of the solution in protecting their organizations from cyber threats. Goals will include: information sharing (tips, tricks, configuration considerations), building libraries of common scripts or queries, creating materials that help members who are new to Sentinel or will shortly adopt it avoid pitfalls, and liaising with Microsoft to share points of friction and feature enhancements.
Business Information Security Office (BISO) Working Group
The purpose of the Health-ISAC BISO Working Group is to establish a robust community of healthcare BISOs who specialize in bridging an organization’s security strategies with its overall business strategies. By facilitating regular communication and collaboration, the group aims to uncover trends across organizations to coordinate security and business needs and identify ways to communicate these effectively, thus acting as a liaison across units, addressing challenges that BISOs face, and sharing best practices/lessons learned.
Cyber Threat Intelligence Program Development (CTIPD) Working Group
This working group’s purpose is to facilitate and promote discussion regarding developing Cyber Threat Intelligence programs within member organizations of all sizes, to develop best practices and guidance to provide the tools necessary to build a CTI program tailored to your organizational needs.
Cybersecurity Analytics Working Group
This group is working to establish a strategic approach to analytics development and sharing to promote open collaboration among the healthcare community. Leveraging MITRE’s Adversary Tactics, Techniques & Common Knowledge (ATT&CK) framework, each member organization conducts independent research on specific cybersecurity threat tactics. The group meets regularly to share research results, refine the common analytic sharing model, and promote continuous improvement by the member community.
Cybersecurity Awareness and Training Working Group
The purpose of this working group is to develop a mechanism whereby members can share ideas and tangible assets that can be leveraged to support the cybersecurity education and awareness programs of our Health-ISAC member community.
Cybersecurity Regulatory Compliance Working Group
Cybersecurity Regulation continues to evolve and expand across the healthcare sector globally. This proliferation creates burdens and challenges for Health-ISAC members who are already under tremendous pressure to secure their systems, devices, patients, and staff. This Working Group will enable Health-ISAC members to share information to help ease this burden and educate for rational regulation as appropriate.
Email Security Working Group
This working group’s mission is to gather, explain, and promote information security best practices related to sending and receiving email. This includes, but is not limited to, phishing training, sandboxing, DLP, and DMARC. Goals include developing configuration recommendations for major email platforms and answering member questions related to email security.
Financial Fraud Detection and Intelligence Sharing
The Financial Fraud Intelligence and Detection Sharing Working Group is dedicated to sharing Financial Fraud incidents and to discussions around detection tools and technologies to enhance monitoring and prevention of Financial Fraud in the healthcare sector. Examples of financial fraud in healthcare include business email compromise (BEC), incentive program theft, and insurance fraud. Other use cases will be identified by the group. The working group may collaborate with external partners such as the Financial Services ISAC and other industry groups working to combat fraud.
Identity and Access Management (IAM) Working Group
The Health-ISAC Identity Working Group will bring together individuals with identity and access management knowledge, who will participate with a shared commitment to provide identity and access management guidance with a goal to protect our enterprises from identity compromise while enabling members to achieve their digital experience goals.
Information Protection Working Group
Members of this working group share best practices, emerging threats, learnings, challenges, ideas, and approaches to detect and protect confidential information from cyberattacks and insider threats. Members discuss how to align their information protection program with business needs and compliance requirements, maximize the value from technological investments, define and measure success, and continuously reduce the collective risk of data leakage across the healthcare industry.
IT M&A Integration and Divestitures Working Group
This group’s goal is to provide an opportunity to gain insight, perspective, and knowledge sharing with M&A IT experts across the life sciences industry. This includes opportunities for consistent terminology, mature processes, and the value proposition of IT M&A structure.
IS Risk Management Working Group
The focus of this group is to share experiences, tactics, wins, and challenges to evolve our collective capabilities and enable the focus of our organizations. Goals include:
- Share best practices across risk management methods, services, and outcomes
- Reduce the impact of threats from adversaries by better understanding the risks that can or will affect us (protecting information and the reputation of the sector)
- Improve efficiency and effectiveness of security risk management operations
- Explore opportunities for sharing risk tactics or actual risks so that we can build a collective risk/threat landscape
- Learn from each other’s accomplishments and challenges
- Surface innovative ways to progress the risk management discipline
- Define collective best practices for Health-ISAC
- Build partnerships in the industry
- Produce measurable, usable outcomes that enable Members to leapfrog their IS risk management practices
Media Response Team Working Group
The Media Response Team WG will collaborate to develop timely, accurate, and strategic communication in response to public inquiries and media coverage during incident and crisis situations that broadly impact the health sector.
NIS2 Implementation Working Group
This group will collaborate on the NIS2 directive, which will come to the EU in 2023. The goal is to develop and coordinate the approaches for each country and implement them on a company level.
Pharma and Healthcare Insider Threat Working Group
The working group aims to develop new ideas around Insider Threat programs specific to the pharmaceutical and healthcare sectors. It will use discussions and round tables to discover new options and potential solutions for monitoring, detecting, and preventing insider threats.
Physical Security Working Group
The Physical Security Working Group will provide a platform for networking and collaboration between physical security personnel across Health-ISAC membership. Utilizing information-sharing practices, the Working Group will establish communication on best practices in security procedures encompassing workplace violence prevention, natural disaster preparedness, hostile events, vandalism or destruction of property prevention, and recovery practices for the previously mentioned events. Focusing on risks and challenges impacting operations and safety, the Working Group will coordinate incident reporting to provide information to benefit the membership in times of crisis or recovery. Further focus will be on force protection of facilities to prevent or reduce the impact of physical threats to healthcare facilities.
Provider Working Group
The purpose of this group is to find innovative ways to improve cybersecurity while not impeding patient care and to lower the risk to organizations that may be vulnerable to attacks by former employees, contractors, or potential hackers who look to compromise critical systems and steal health records.
Goals include:
- Share ideas and generate white papers as well as new solutions to address the new technology within the provider community
Focus areas include:
- Establish (or adopt) a minimum standard for cybersecurity
- Establish standards for telehealth technology
- Assist with supporting the smaller provider organizations
- Increase sharing of methods for cybersecurity and data protection
- Develop patient/employee-friendly cybersecurity approaches
- Assist with training and awareness campaigns
Purple Team Working Group
The Purple Team Working Group aims to help teams grow their purple teaming and threat detection capabilities. The initial goals are to build guidance and offer perspective on items such as metrics for purple team exercises and tooling, the pros and cons of open-source tooling, and streamlining existing processes with automation. The ultimate hope is that these will help demonstrate value to leadership and expand the benefits of purple teaming in the healthcare vertical.
Regional Tensions Working Group
The Regional Tensions Working Group focuses on the threats to businesses due to potential or realized regional escalations. This group will work to identify cyber and non-cybersecurity threats relevant to the healthcare sector (including supply chain impacts), determine the associated risks and appropriate security considerations, and share that information broadly with Health-ISAC members.
Security Engineering & Architecture Working Group
This group will share experiences, best practices, lessons learned, ideas, and non-proprietary technical products. This will enable members to accelerate efforts to address security challenges, ensure end-to-end security protections and controls, and maximize security investments. The group will exchange and establish standards for security architecture and policy use cases, continuous improvement strategies, security efficacy and other KPI metrics, vendor solution assessments and experiences, portable reusable code, and other non-proprietary information.
Social and Political Risks to Healthcare (SPIRIT) Working Group
This group focuses on the threats to healthcare organizations due to growing and substantive social and political events. Strong societal reactions to issues such as the US Supreme Court decision overturning Roe v Wade, gender-affirming care, family planning, controversial medical research and procedures, ethical and appropriate use of healthcare data, and changing healthcare regulations and privacy laws along with business expectations are all examples that potentially motivate threat actors to target the healthcare sector to further their cause. Healthcare Providers are also facing rising workplace violence events, and individuals are dealing with new threats online and physical security threats as these social and political issues result in “real-world” impacts.
Third-Party Risk Governance (TPRG) Working Group
This working group aims to evolve our collective capabilities and enable organizations to focus on implementing a best-in-class third-party risk management program by following these objectives:
- Share and learn best practices to mitigate risks posed by third parties
- Improve efficiency and effectiveness of third-party risk management operating components
- Enhance understanding of a third party’s information security program maturity through shared experiences
- Explore opportunities to share risk tactics or risk areas so that we can build a collective risk/threat landscape
Third-Party Supplier Incidents Working Group
This group aims to tackle the common global issue of managing Third-Party Supplier Incidents. The suppliers share a commonality, and finding a common way to deal with potential incidents appears to be critical in an ever-changing threat landscape. We are looking to approach this problem from a global perspective.
Vulnerability Management Working Group (VMWG)
The VMWG will support the operations of the Health-ISAC member community, offering insight into new and emerging vulnerabilities and providing countermeasures. This will provide insights into how the Health-ISAC members can enable defensive measures beyond traditional “patch management.” The VMWG will offer insights, via presentations and whitepapers, into best practices across the Health-ISAC community. The VMWG will have primary oversight over new critical and zero-day vulnerabilities affecting the sector and will coordinate actions as these events arise.
Joint Working Groups
Health-ISAC Joint Working Groups serve the same function as its Working Groups but leverage non-member participation to accomplish their objectives.
Incident Response Working Group
This group has partnered and worked jointly under the Health Sector Coordinating Council’s Incident Response Business Continuity (IRBC) Task Group and includes members from HSCC and HHS’s 405(d) Working Group. Their shared focus will center on experiences, tactics, wins, and challenges to evolve our collective incident response capabilities and develop robust, sustainable programs to minimize damage from incidents and improve information security practices in our industry. Goals include producing a template playbook, supplemental collateral, and usable outcomes allowing users to consume and leapfrog their incident response practices.
Health-ISAC Committees are closed groups that help serve a governance function and bring Member input into shaping Health-ISAC products and services. Any Member interested in serving on a Committee may contact Member Engagement through the Member Portal or email to find out the process for Membership and whether the Committee has an opening.
Business Resilience Committee
The Business Resilience Committee will support the operations of the Health-ISAC Resilience Program. The BRC will focus on identifying non-cybersecurity all-hazard threats relevant to the health sector, determining the associated risks and appropriate security considerations, and supporting the Health-ISAC Threat Operations Center (TOC) in sharing that information broadly with the Health-ISAC members. During times of crisis, the Business Resilience Committee will provide systemic incident response guidance, analyze incidents, and facilitate impact assessment and crisis escalation on behalf of the sector. The Business Resilience Committee will have primary oversight over physical events affecting the sector, coordinate actions during a crisis, and be the primary control point for the Physical Threat Alert Level for the sector.
Identity Committee
The mission of the Health-ISAC Identity Committee is to provide Health-ISAC Leadership advice regarding Identity & Access Management (IAM) issues and help set the strategy, goals and objectives for the IAM Working Group.
Membership Committee
The Membership Committee will serve as an advisory body to Health-ISAC leadership, gathering and analyzing member feedback to drive improvements in services and ensure alignment with member needs. Through the development and interpretation of the annual Member Satisfaction Survey, the committee will identify key trends, prioritize member challenges, and provide actionable recommendations for new and enhanced service offerings. By fostering a diverse and representative membership, the committee will ensure that all tiers and demographics, unique needs, and perspectives are reflected in Health-ISAC’s strategic direction.
Threat Intelligence Committee (TIC)
The TIC is responsible for looking at the cyber threat landscape for the health and public health (HPH) sector and developing strategic direction for anticipating and preparing for threats. The TIC helps facilitate the planning, coordination, collection, trending, processing and analysis, production of white papers and other materials, and dissemination of primarily cyber threat intelligence for the HPH sector through engagement with internal and external stakeholders. The Health-ISAC Threat Intelligence Committee is a closed working group.
CISO Council
The CISO role has many complexities and inherent risks. The group’s purpose is to allow Health-ISAC Member CISOs to engage in interactive discussions, build a network, share insights, and learn from peers.
European Council
The purpose of Health-ISAC’s European Council is to advance and foster Health-ISAC’s mission by facilitating an infrastructure and community that focuses on the issues and threats European organizations and members face.
Medical Device Security Council (MDSC)
The mission of the MDSC is to bring together stakeholders in the medical device security arena to develop solutions, identify best practices, and facilitate the exchange of information that will result in more efficient and secure use of medical devices and related practices. Membership is open to medical device manufacturers and stakeholders of the medical device security community that conduct their activities consistent with Health-ISAC’s Operating Rules, including Non-Disclosure Agreements, health industry regulations and best practices, and the highest ethical standards.