Health ISAC Unveils “All About Authentication:
A Health-ISAC Guide for CISOs”

Third paper in Health-ISAC series to help CISOs develop an identity-centric approach to cybersecurity

ORMOND BEACH, FL, March 1, 2021 – The Health Information Sharing and Analysis Center (Health-ISAC), the global non-profit that provides the health sector with a trusted community for sharing cyber and physical security threats, today released a free guide intended to help Chief Information Security Officers (CISOs) understand and implement a modern approach to authentication.

It’s an anomaly these days when a major breach happens and compromised authentication systems don’t play a role. “All About Authentication: A Health-ISAC Guide for CISOs” provides practical guidance to help CISOs select and implement modern authentication solutions that are both more secure and also easier for people to deploy and use.

“Multi Factor Authentication (MFA) is critical to stopping attacks — but as we detail in this paper, not all MFA is the same, and attackers are already exploiting some first-generation MFA tools,” said Denise Anderson, President and CEO of Health-ISAC. “CISO’s will find the in-depth publication is a valuable tool that will help them stay ahead of the curve.”

“All About Authentication: A Health-ISAC Guide for CISOs” details how different types of authentication work, how to evaluate the differences between solutions, and what industry best practices and standards are available. The white paper provides two case studies from healthcare organizations that recently transitioned to modern authentication solutions. Both examples provide insight into how to translate the ideas outlined in this paper into the real world.

The authentication guide represents the third paper in the Health-ISAC series designed to introduce CISOs to an identity-centric approach to cybersecurity. By providing an explanation of key concepts, outlining a framework and best practices, investigating the various solutions, and highlighting aspects of an effective implementation, Health-ISAC is creating a holistic guide to assist CISOs in the health sector on how best to approach Identity and Access Management (IAM) and its role in managing cybersecurity risk.

The paper can be downloaded at the Health-ISAC website:
https://h-isac.org/authentication-a-health-isac-guide-for-cisos/.

ABOUT H-ISAC

Health-ISAC is a trusted community of critical infrastructure owners and operators within the global Healthcare and Public Health sector (HPH). The community is primarily focused on sharing timely, actionable and relevant information with each other including intelligence on threats, incidents and vulnerabilities and best practices, mitigation strategies and more. Sharing occurs both machine-to-machine and person-to-person. H-ISAC also fosters the building of relationships and networking through worldwide educational events and whitepapers. Working groups and committees focus on topics of importance to the sector and member-vetted shared services offer enhanced services to leverage the H-ISAC community for the benefit of all. https://h-isac.org/
Contact: contact@h-isac.org

• Related Resources & News
• Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
• New Cybersecurity Policies Could Protect Patient Health Data
• CyberWire Podcast: PHP flaw sparks global attack wave
• Health-ISAC Hacking Healthcare 3-14-2025
• HSCC Aiming to Identify Healthcare Workflow Chokepoints
• New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
• Are Efforts to Help Secure Rural Hospitals Doing Any Good?
• CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
• 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
• Cobalt Strike takedown effort cuts cracked versions by 80%