Preparedness & Resiliency Exercise Series After-Action Report 2022
Health-ISAC held several Preparedness & Resiliency exercises in 2022 throughout the United States using an evolving ransomware scenario.
Participants shared best practices, resources, real-life experiences, and recommendations for continuous improvement.
The full version of the After-Action Report was made available to Health-ISAC members.
Executive Summary
This Executive Summary captures the observations and learnings from the exercises consolidated into the following eight category summaries. Health-ISAC encourages health IT and cyber security professionals to consider these lessons learned for continuous improvement in their own organizations:
Malware Detection, Communications, Employee Cybersecurity Training, Crisis Management Team, IT / OT Facilities and Emergency Management Integration, Ransom Payment Decisions, Future Cyber Incident Preventative Measures, and other suggestions in the Miscellaneous category, expounded upon in the briefing.
- Related Resources & News
- AI, Ransomware, and Medical Devices: Safeguarding Healthcare
- Securing Health Data in 2025: The Rising Cybersecurity Challenges
- Software Supply Chains and ISACs – The Inevitability Curve Podcast EP14
- Health-ISAC Hacking Healthcare 1-17-2025
- New HIPAA Cybersecurity Rules Pull No Punches
- What’s in HHS’ Proposed HIPAA Security Rule Overhaul?
- Cyber Threats Know No Borders
- Health-ISAC Hacking Healthcare 1-10-2025
- Google’s rural healthcare cybersecurity initiative
- Gen Z is stealing your health data—and the consequences may be worse than you think