Health-ISAC

Register before April 18 and save money. https://lnkd.in/e-MBAqnf Start out the week with this Health-ISAC workshop: Seminar and Tabletop Exercise (TTX): Enhancing Security Preparedness in the Health Sector Which Roundtable Discussion will you attend? AI and Identity: How Healthcare Organizations Should Leverage the Tech; Health-ISAC Intelligence Hub; Aligning Security Expectations Between MDMs and HDOs; or CISO? #healthit #hisac #healthtech

Come to Rome this October to present your latest findings or best practices and to learn from health sector security peers. The Call for Papers is open! Learn more here https://lnkd.in/eYEta_8S #healthisac #healthtech #healthit

New Cybersecurity Policies Could Protect Patient Health Data By Errol Weiss, Health-ISAC Chief Security Officer. As healthcare policy takes center stage, recently enacted cybersecurity legislation is poised to redefine patient privacy and data security. At the forefront of these changes are the?Healthcare Cybersecurity Act of 2024?and the?Health Infrastructure Security and Accountability Act of 2024, passed in 2024 and took effect in January 2025. These laws aim to address the evolving threats to sensitive health information and ensure stronger patient protection. Cybercriminals target healthcare organizations daily, seeking to exploit sensitive data, including medical histories, insurance details, and even genomic information. The new legislation tackles these challenges from multiple angles: one act focuses on strengthening infrastructure and federal coordination to prevent breaches. At the same time, the other emphasizes privacy and accountability by holding organizations to higher standards. These policies provide a roadmap for protecting patient data in an increasingly digital and interconnected healthcare landscape. Read the full article https://lnkd.in/eNNifbhm #healthit #criticalinfrastructure #healthcaresystem

Speaking at the HIMSS 2025 Global Conference, Greg Garcia, Executive Director of the Health Sector Coordinating Council - Cybersecurity Working Group, outlined an initiative aimed at mapping the vulnerabilities of interconnected healthcare systems. “The healthcare industry is deeply interdependent,” Garcia said. “Every service—from payments to prescriptions to electronic health records—relies on a vast digital infrastructure. Identifying cyber chokepoints is a necessary step in safeguarding the industry.” The Health Sector Coordinating Council is spearheading an initiative called the?Strategic Mapping of Active Risk and Threats (SMART), designed to break down healthcare workflows and pinpoint digital vulnerabilities. By tracking critical dependencies—such as third-party vendors, IT systems, and cloud-based services—the initiative aims to equip hospital executives with a clear risk assessment framework. Learn more about the SMART initiative https://lnkd.in/etjpbSv2 #healthit #criticaldependencies #criticalinfrastructure

Sharing some photos and attendee feedback from this week's APAC Summit in Kuala Lumpur, Malaysia. ?? "Good mix of topics with regional and global focus, excellent organising by the Health-ISAC team. " ? ?? "The networking opportunities are absolutely a blast! Not to mention, being able to listen, learn and connect with experts from different areas of healthcare." ? ?? "I like that it was not overly crowded. This allows the smaller group to gel quickly. Thank you. Good platform to network with like-minded IT Security peers." Mark your calendars for next year's APAC Summit in Bali, Indonesia. #healthisac #healthit #informationsharing

Be sure to catch this session at CVE/FIRST VulnCon on April 4th: 'Diagnosing the Hurdles in the Medical Device Regulatory Landscape' with Health-ISAC's Ethan Muntz and Taylor Porter. Recent high-profile cybersecurity incidents impacting critical infrastructure have brought the issue of insufficient cybersecurity into the foreground for legislators all around the world. Legal discussions in this space were amplified by the mass implementation of AI into modern technologies. As nations grapple with evolving cybersecurity challenges posed by increasingly sophisticated adversaries and the integration of new technologies, medical device manufacturers have had to adapt to new legislative frameworks to remain compliant. Through its premarket submissions, the US Food and Drug Administration (FDA) approved the use of 1,000 medical devices with AI-incorporated features between 1995 and 2024. The majority of these devices were approved within the past five years. With the integration of AI comes the concern of managing AI risk and its potential vulnerabilities. The FDA has released Considerations for the Use of Artificial Intelligence to Support Regulatory Decision-Making for Drug and Biological Products, providing guidance for submitting AI-enabled medical devices to the FDA before public sale in the US. Medical device manufacturers must also consider the EU regulations when entering the global market, notably the EU AI Act. The EU AI Act is the first legislation in the world to determine acceptable and unacceptable use cases of AI. Given that healthcare and life sciences are quite sensitive, AI integration into these systems falls under the high-risk category, making manufacturers comply with numerous standards before selling their products in the EU. As AI continues to become more prevalent within the healthcare sector, more regulations surrounding its implementation will likely be submitted. Therefore, the regulatory landscape will likely become more tumultuous as AI becomes a mainstream technology. Healthcare organizations should prioritize adopting a flexible compliance strategy in the wake of an increasingly dynamic regulatory landscape. VULNCON CVE (Changing Visions of Energy) FIRST #cybersecurity #criticalinfrastructure #healthsector

At a session in the Cybersecurity Pavilion of ViVE last month, Censinet, presented the company’s 2025 cybersecurity benchmark for the healthcare sector. This year’s benchmark revealed that for the third year in a row, organizations are focusing on respond and recover capabilities. The findings compare company surveys to industry readiness frameworks, including NIST 2.0 and CPGs, highlighting the evolving landscape of healthcare cybersecurity.? Censinet co-sponsored the benchmarking study with KLAS Research, the American Hospital Association, Health-ISAC, Health Sector Coordinating Council, and the Scottsdale Institute. The benchmark was based on surveys sent to 73 healthcare organizations.? Read the findings here. https://lnkd.in/e-K7GjKt #healthit #healthcaresecurity #incidentresponse

?? Exclusive Monthly Threat Briefings for Health-ISAC Members! ?? Stay ahead of the latest threats with these power-packed, insider-only briefings led by the Health-ISAC Threat Operations Center team! Taking place on the last Tuesday and Wednesday of each month, you get to choose between: ?? The Americas MTB – Tuesdays at 12 Noon ET ?????The European MTB - Wednesdays at 3:00 PM CET ? Presentations cover topics ranging from trending impacts on healthcare, emerging threats, physical security, and legal & regulatory updates, including some content geared specifically toward the European or Americas locations. Members will receive instructions on how to register via email. This topic will only be featured in the European session: Dark Markets Cracked: Law Enforcement Operation

On March 18, 2025, the American Hospital Association (AHA) and Health-ISAC observed a?social media post?related to the active planning of a coordinated, multi-city terrorist attack on hospitals in the coming weeks.? The AHA and Health-ISAC have created and are sharing this bulletin out of an abundance of caution to spread awareness of the potential threat. The AHA and Health-ISAC are in close contact with the FBI regarding the threat and will provide additional information as it becomes available. At this time, no information is available to either corroborate or discount this threat’s credibility. Generally, foreign terrorist groups do not publicize their upcoming attacks. However, this widely viewed post may encourage others to engage in malicious activity directed toward the health sector, so threats of this nature should be taken seriously. Security teams should review emergency management plans and spread awareness of the potential threat internally. It is recommended that organizations review and evaluate the coordination and capabilities of physical security, cybersecurity, and emergency management plans. Also, increasing relationships with local and federal law enforcement may streamline response efforts during an attack. In addition, staff and security teams should remain vigilant for any suspicious activity, as well as people or vehicles on organizational premises or in the vicinity of health sector facilities. If any are identified, it is advised to notify local law enforcement immediately. https://lnkd.in/eFkAvCeJ #healthcaresecurity #hospital #healthsystem

Ransomware operators realize most smaller organizations such rural hospitals, clinics and doctor practices don’t have the staff and cybersecurity resources needed to address common threats,?said?Denise Anderson, president and CEO of the Health Information Sharing and Analysis Center (Health-ISAC). “It comes from the top. The CEOs have to be invested in cybersecurity because it’s easier to defend and spend money upfront with investments than have an attack and spend millions trying to fix it,” she said. https://lnkd.in/eqZEST2j #healthit #CISO #healthcaresecurity