Monthly Newsletter – January 2023
January’s Newsletter features:
- Health-ISAC’s Year in Review – Letter from Health-ISAC President and CEO
- Health-ISAC’s 2022 Fall Americas Summit – Recap
- Community Services — Year End Update
- Working Groups — New Groups add in 2022
- European Workshop — January 12 in Prague, Czech Republic
- Upcoming Events — Webinars
Pdf version:
Text version:
Connecting to Meet the Challenge – An Overview of 2022
2022 had many challenges starting with Russia invading Ukraine and the cyber and physical threats leading up to and after the war started. We saw many ransomware attacks on hospitals and partner organizations all over the globe as well as attacks on critical infrastructure outside of healthcare such as electric substations and airport website defacements in the US, the rail infrastructure in Germany and city and country government systems in Belgium and Costa Rica to name a few.
We’ve also seen a rise in physical threats to healthcare environments with increasing violence and rhetoric around political issues, several large active shooter incidents at hospitals, geopolitical tensions, and natural incidents like heatwaves and hurricanes.
At Health ISAC, the community continued its successful efforts to gather facts, analyze impacts and share best practices and mitigation strategies. We added over 135 new member organizations to the sharing community bringing the number of connected security professionals around the world to more than 7,400. We enhanced our medical device security expertise with the addition of Phil Englert to our team in July.
In 2022 the Health ISAC Threat Operations Center (TOC) augmented Monthly Member Threat Briefings with 158 Finished Intelligence Reports, over 255 Targeted Alerts, over 1,100 TLP AMBER alerts, 8 TOC Spotlight threat and vulnerability webinars, and distributed over 17,700 high fidelity indicators of compromise. Members had almost 200 conversations around best practices and Health-ISAC staff members spoke at over 50 events worldwide and were quoted numerous times in the press.
We connected Members to each other through both customized and table-top exercises, the Hobby Exercise, workshops, and over 30 webinars. Approximately 1,300 people from 42 countries attended our global in-person Summits, which featured almost 90 member presentations. We added five new communities to our active Health-ISAC committees and working groups, and we published our first Annual Current and Evolving Cyber Threat Landscape Report as well as our Health-ISAC Annual Report. We also conducted our first Annual Member Survey, which realized a Net Promoter Score (NPS) of 77.
We continue to position and strengthen the ISAC to allow for even more capabilities in the future with more staff, services, expertise, and technology, such as initiating a CTI Analyst training program at our Americas Summits, conducting a European version of the Hobby Exercise, launching a brand refresh, and implementing a new back-end system that will provide members with self-service tools.
I’m looking forward to working with the community to meet whatever challenges 2023 will bring!
— Denise Anderson, Health-ISAC President and CEO
HIGHLIGHTS FROM DECEMBER’S FALL AMERICAS SUMMIT
Approximately 600 healthcare security peers gathered in Phoenix last month to collaborate with peers, share insights, and learn from speakers and vendors. In addition to working groups and Member Round Table discussions, an abundance of small networking groups were seen in every hallway and seating area throughout the Summit.
By addressing the exciting yet uncertain path in the decades ahead, Keynote speaker Dr. Tiffany Vora flexed attendees’ future-thinking muscles across short term and long term horizons with a combination of transformative innovation, and exponential technologies. She also stressed the importance of weighing the possibilities of each decision we make. Other highlights included Dr. Suzanne Scwhartz’ FDA medical device security update and the fireside chat between Health-ISAC’s CSO Errol Weiss and Google Cloud’s CISO Phil Venable on securing the planet. For those who attended, recorded sessions are available until the end of February 2023
Thank you to everyone. Next stop…..Singapore!
https://h-isac.org/summits/2023-apac-summit/
COMMUNITY SERVICES
Increasing Member Access to Security Solutions
Health-ISAC developed the Community Services program to identify organizations who embrace the security awareness mission and are prepared to make a unique investment toward the betterment of the entire Membership community.
2022 was a great start:
- Grew to 12 Community Service vendors offering special deals, discounted pricing, and – in some cases – free services to Members!
- Hosted multiple opportunities for Community Service vendors to interact with 350+ Members throughout the year during monthly ETC webinars.
- Over 10% of the membership utilized one or more of the solutions offered via the Community Service program in 2022.
- 200+ inquires for more information at the Community Services website https://h-isac.org/community-services/
Thank you and keep an eye out for more offerings coming in 2023!!!
WORKING GROUPS
It has been a busy year for new Working Groups. Members formed five new working groups in 2022 to collaborate on shared pain points and create sharable resources:
- Diversity and Inclusion
- Pharma and Healthcare Insider Threat
- Purple Team
- Regional Tensions
- Social and Political Risks to Healthcare
Learn more about all of the Member working groups: https://h-isac.org/committees- working-groups/
UPCOMING WORKSHOP IN PRAGUE, CZECH REPUBLIC
Workshop capacity is already nearly filled, so register today!
Agenda topics include: NIS2 Directive, Czech Cyber Agency, Insider Threats, OT Security Ransomware Incidents, Cybersecurity Incident Reporting, When Endpoint Security Monitoring Fails. This January 12 full-day workshop is hosted by MSD.
https://h-isac.org/hisacevents/health-isac-health-care-cybersecurity-workshop-hosted-by-msd/
JANUARY HEALTH-ISAC EVENTS
1/17 – The ASM Maturity Model Every Healthcare CISO Must Be Aware of Now – a Team CYMRU Navigator webinar at 12pm ET
1/31 – Member Threat Briefing Last Tuesday of each month at 12pm ET
2/1 – ETC webinar at 12pm ET
- Related Resources & News
- Leveraging ISO 81001-5-1 Amid Medical Device Procurement
- Mitigating risk as healthcare supply chain attacks prevail
- Enhancing Cybersecurity in Rural Hospitals
- Health-ISAC Hacking Healthcare 11-15-2024
- Cyber Incident Response: Playbook for Medical Product Makers
- Feds Warn of Godzilla Webshell Threats to Health Sector
- Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
- Health-ISAC Hacking Healthcare 11-7-2024
- Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks
- All hospitals should be concerned about cyberattacks. Here’s why