Monthly Newsletter – February 2023
Newsletter Features:
- APAC Summit – Registration Open and Agenda available
- 1st Workshop for 2023 – Prague Recap
- Spring Americas Summit – CFP is still open don’t miss out on the opportunity to share your knowledge
- Member Service Spotlight — HITS
- European Workshop and Inaugural Hobby Exercise — April 19th and 20th in Dublin, Ireland hosted by ICON…Register Today
- Podcast — Phil Englert speaks on Medical Devices and 3rd Parties
- Upcoming Events — Webinars
Pdf version:
Text version:
Don’t Miss Out on Earlybird Registration for the APAC Summit – Now Open!
Collaborate, Connect, and Inform
March 21-23, 2023!
Register here: https://h-isac.org/summits/2023-apac-summit/
We have several great topics. Here are a few to peak your interest:
- Regulatory Intelligence & Regulatory Change Management
- How to handle 50+ CVEs per day – designing an efficient vulnerability evaluation process for a large product portfolio
- Cybersecurity Management Service – Product Security Transparency for Healthineers and its Customers
- Practical machine learning applications in a SOC environment
- Hacking Healthcare Presents: International Healthcare Data Sharing and Incident Response Preparation.
Attendees continually rate Health-ISAC Summits as excellent for content and the high level of networking. Be part of Health-ISAC’s commitment to strengthen the global healthcare sector.
* * * * *
PRAGUE WORKSHOP HIGHLIGHTS
Health-ISAC started the year in the Czech Republic with a Healthcare Cybersecurity Workshop in Prague on 12 January, hosted at MSD. Forty healthcare security peers gathered to learn and share mitigation strategies and connect within a trusted environment.
Freshly energized attendees spoke about the workshop on LinkedIn:
- It was a very enriching experience thanks to participants from both the Private & Public sectors. My main take away is that by sharing valuable
information with each other we all get stronger, and with that we manage to serve our patients better. - The day was excellent. A huge shout out to Health-ISAC, as all I heard throughout the day from all the attendees is that every company should be a part of this organization.
- Please consider sharing your best practices as a speaker or hosting a workshop at your facility. March and April locations include California and Ireland. Learn more here https://h-isac.org/events/.
* * * * *
Health-ISAC’s new logo and brand dynamically highlights our commitment to making global healthcare stronger and safer through trusted connections.
View it here: https://h-isac.org/health-isac-introduces-new-logo-and-branding/
* * * * *
Strike Back Spring Americas Summit
May 9-11, 2023, in Florida
Do you have a case study or relevant topic that will “strike” the Health-ISAC Community? Submit your abstract today to share it in May.
Submit here:
https://www.cvent.com/c/abstracts/357495e5-7573-4aad-968a-dc70fe0240af
Attendee feedback on what want they to hear:
NIST CSF and supporting guidelines, standards, assessments * Supply chain security * Brand protection / brand fraud (i.e., spoofed AR remittance websites and emails) * OT * Lab security * Case studies covering how an issue was tackled and the results * Cyber insurance * CTI or IR * Zero trust from the perspectives of core strategy / philosophy, operating principles and resource access * Business contingency and resiliency.
* * * * *
AUTOMATED SHARING
Service Spotlight –
Indicator Threat Sharing
Health-ISAC Indicator Threat Sharing (HITS) is a real-time exchange of cyber threat indicators to mitigate potential threats against critical organizational assets and infrastructure.
HITS allows members to easily connect and quickly share cyber threat intelligence through machine-to-machine automation. Multiple threat feeds are available for Members to ingest into their environment. Members share indicators observed in their environment with the Health-ISAC community, which strengthens the entire sector.
Get started https://h-isac.org/automated-feed-transition/
* * * * *
WORKSHOP AND INAUGURAL EUROPEAN HOBBY EXERCISE
Health-ISAC Healthcare Cybersecurity Workshop, hosted by ICON
Location: Dublin, Ireland
Day: Wednesday, April 19
Time: 09:30 am – 4:30 pm IST
Join other stakeholders in the healthcare cybersecurity community to share, network, and learn. These workshops provide an opportunity for healthcare professionals to:
- Share best practices, lessons learned, and new ideas & solutions with other Members
- Meet and build relationships with your colleagues
- Take information and lessons learned to implement and incorporate at healthcare organizations
Topics include:
- OT Security
- Security Awareness
- Information Sharing
Inaugural European Exercise
On April 20, Health-ISAC will also conduct it inaugural European Exercise in Dublin. Similar to the annual Hobby Exercise, it will identify gaps and increase healthcare sector resiliency.
Learn more about the exercise in this video:
* * * * *
COLLABORATIVE EXERCISE
Health-ISAC staff had the opportunity to observe the annual incident response tabletop exercise of Member CRISP Shared Services (CSS).
The January 17, 2023, cyber attack scenario exercise was designed to test CSS’s incident response plan and included CSS stakeholders and Electronic Health
Information Exchange (HIE) partners.
The facilitated exercise began with business as usual with increasing impacts through recovery efforts and lasted four hours.
Other observers included HHS/HC3, CISA, and designated Microsoft contacts.
* * * * *
PODCAST – MED DEV & THIRD PARTY RISK
Phil Englert, Director of Medical Device Security for Health-ISAC, discusses the industry’s concerns regarding third party vendors and medical devices.
The Collective Voice of Health IT, A WEDI Podcast – Episode 87 link to podcast: https://www.listennotes.com/podcasts/the-collective/episode-87-third-party-yRWwEpqMBU8/https://www.listennotes.com/podcasts/the-collective/episode-87-third-party-yRWwEpqMBU8/
* * * * *
UPCOMING EVENTS
View all Health-ISAC Events here
February 7 at 1pm: Navigator webinar by Dellfer
Medical Devices Breaking Bad: A Discussion Around Security
https://h-isac.org/hisacevents/medical-devices-breaking-bad-by-dellfer/
February 15 at 2pm: Navigator webinar by Cyware
Extending the Reach of Threat Intelligence: The Need for Collective Defense
https://h-isac.org/hisacevents/extending-the-reach-of-threat-intelligence-by-cyware/
March 7 in Santa Clara, California
Health-ISAC / Healthcare Cybersecurity Workshop Hosted by Agilent
https://h-isac.org/hisacevents/health-isac-healthcare-cybersecurity-workshop-hosted-by-agilent/
March 9 in San Diego, California
Health-ISAC / Healthcare Cybersecurity Workshop Hosted by Rady Children’s
https://h-isac.org/hisacevents/hosted-by-rady-childrens-hospital/
Monthly Member Events
2/1 – ETC webinar at 12pm ET
https://h-isac.org/hisacevents/health-isac-monthly-etc-from-community-services/
2/28 – Member Threat Briefing
Last Tuesday of each month at 12pm ET
https://h-isac.org/hisacevents/health-isac-member-only-mtb-february-2023/
- Related Resources & News
- Leveraging ISO 81001-5-1 Amid Medical Device Procurement
- Mitigating risk as healthcare supply chain attacks prevail
- Enhancing Cybersecurity in Rural Hospitals
- Health-ISAC Hacking Healthcare 11-15-2024
- Cyber Incident Response: Playbook for Medical Product Makers
- Feds Warn of Godzilla Webshell Threats to Health Sector
- Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
- Health-ISAC Hacking Healthcare 11-7-2024
- Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks
- All hospitals should be concerned about cyberattacks. Here’s why