Health-ISAC flags gaps in cyber resilience and incident response, calls for incident coordination and information sharing
The Health Information Sharing and Analysis Center (Health-ISAC) released its ‘2025 After-Action Report,’ drawing on a series of seven resilience exercises conducted through regional workshops with member organizations and strategic partners. The exercises were designed to test security preparedness and operational resilience, while enabling participants to exchange insights and identify effective practices in responding to cyber incidents impacting the healthcare sector.
The report highlights a set of recurring operational priorities, including the need for layered monitoring to detect threats early, rapid containment to limit impact on patient care, and clearly defined incident declaration processes to enable coordinated response. It also underscores the importance of cross-functional coordination spanning technical, operational, and leadership teams, besides using out-of-band communications during incidents.
Broader considerations such as legal, regulatory, and public communication requirements, as well as the complexity of ransomware payment decisions, were found to shape response outcomes. The findings further point to gaps in coordination between cyber and physical security teams, while emphasizing that joint exercises, structured after-action reporting, and timely information sharing are critical to strengthening sector-wide resilience.
