Preparedness & Resiliency Exercise Series After-Action Report 2022

Health-ISAC held several Preparedness & Resiliency exercises in 2022 throughout the United States using an evolving ransomware scenario.

Participants shared best practices, resources, real-life experiences, and recommendations for continuous improvement.

The full version of the After-Action Report was made available to Health-ISAC members.

Executive Summary

This Executive Summary captures the observations and learnings from the exercises consolidated into the following eight category summaries. Health-ISAC encourages health IT and cyber security professionals to consider these lessons learned for continuous improvement in their own organizations:

Malware Detection, Communications, Employee Cybersecurity Training, Crisis Management Team,  IT / OT Facilities and Emergency Management Integration, Ransom Payment Decisions, Future Cyber Incident Preventative Measures, and other suggestions in the Miscellaneous category, expounded upon in the briefing.

View PDF

• Related Resources & News
• Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
• New Cybersecurity Policies Could Protect Patient Health Data
• CyberWire Podcast: PHP flaw sparks global attack wave
• Health-ISAC Hacking Healthcare 3-14-2025
• HSCC Aiming to Identify Healthcare Workflow Chokepoints
• New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
• Are Efforts to Help Secure Rural Hospitals Doing Any Good?
• CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
• 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
• Cobalt Strike takedown effort cuts cracked versions by 80%