Hobby Exercise 2024 After Action Report

TLP: WHITE This report may be shared without restriction.

Note: Health-ISAC Members may download the full version of the report from the Health-ISAC Threat Intelligence Portal (HTIP). Contact Membership Services for assistance.

Abstract

Constantly evolving threats and risks within the health sector require coordinated and effective preparedness, response, and recovery actions within and between the government and private sector entities. In recognition of the value achieved through focused discussion between healthcare sector organizations and government agencies, Health Information Sharing & Analysis Center (Health-ISAC) created the Hobby Exercise Series, to be held regularly in the United States and Europe in order to keep sector entities and their government partners engaged and informed on cybersecurity challenges and the best ways to respond to widely impactful incidents. This document summarizes the discussion and findings from the 2024 Americas Hobby Exercise. Organizations can use this document to educate themselves on the challenges faced during large-scale cybersecurity incidents and to identify areas for improvement.

To access the Report PDF Click Here

In June 2024, Health-ISAC facilitated an all-day workshop and tabletop exercise with Health-ISAC members and United States Government (USG) agencies in Washington, DC. This fifth iteration of the Americas Hobby Exercise was in keeping with prior versions in driving focused discussion among participants to: 

1. Highlight and evaluate whole-of-sector security and resilience challenges impacting the health sector, including cybersecurity preparedness and resiliency, clinical, patient, regulatory, and device manufacturer perspectives, with agreement for action to address issues associated with a potential significant cyber incident.
2. dentify strengths and areas for improvement in timely and actionable event and incident coordination among public and private sector stakeholders during the response to a significant cyber incident, to include trigger levels for coordination.
3. Inform stakeholder capabilities of the health sector public and private sector partnerships and examine challenges faced before, during, and after a significant cyber incident.
4. Inform development of the health sector’s approach to receive, review, and report on lessons learned with associated actionable and timely recommendations for continuous improvement.

The 2024 Americas Hobby Exercise included participants from Health-ISAC, healthcare delivery organizations (HDOs), medical device manufacturers (MDMs), pharmaceutical organizations, health information exchanges (HIEs), and federal government agencies, including the Department of Health and Human Services (HHS), Food and Drug Administration (FDA), Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Homeland Security (DHS). Over the course of several hours, the participants were provided with fictional situation reports that escalated across multiple phases. During each phase, questions were posed that prompted discussion regarding how the various participants would respond, what response actions would be taken, what information they would be seeking both within their organization and from external partners, and what they would expect government agencies and other members of the sector to be doing. These conversations were held in a large group setting.

• Related Resources & News
• Health-ISAC Announces Board Members
• 2024 Newsletter – December
• Health-ISAC Hacking Healthcare 11-26-2024
• Privileged Access Management: A Guide for Healthcare CISOs
• Vulnerability Metrics and Reporting
• 2024 Annual Member Satisfaction Survey Results
• Leveraging ISO 81001-5-1 Amid Medical Device Procurement
• Mitigating risk as healthcare supply chain attacks prevail
• Enhancing Cybersecurity in Rural Hospitals
• Health-ISAC Hacking Healthcare 11-15-2024