Inside Cybersecurity Shares Health-ISAC 2021 Annual Report

The information sharing and analysis center for the health sector expanded its membership, ramped up delivery of alerts and cyber tools, and offered multiple points for peer-to-peer engagement across the diverse community responsible for securing health systems, according to the body’s first annual report.

The Health-ISAC report, released Thursday, details “a highly successful year” that included sharing over 65,000 indicators of compromise, over 400 targeted alerts and the addition of over one hundred organizations to its “trusted sharing community.”

The report says over 40 percent of the ISAC’s members have adopted a new Automated Threat Indicator Sharing platform, while noting that “In 2021, over 90% of Member organizations used Health-ISAC’s Threat Intelligence Portal (HTIP). HTIP allows for the delivery of valuable threat data from a variety of sources to Members in a consolidated feed of informative and actionable threat intelligence.”

Further, “Health-ISAC began capturing feedback with online survey tools to help Members determine what is state-of-the-art and what would be considered best-practice for a number of operational areas. Members often bring a topic of interest to the TOC team, who develops these ideas into a survey to capture feedback across the community. Over 30 surveys were conducted in 2021.”

In addition, the report says, “Health-ISAC is the only organization that brings together Medical Device Manufacturers and Health Delivery Organizations to support the security of Medical Devices within Healthcare, thus supporting patient safety. This collaboration is done through the Medical Device Security Information Sharing Council with over 300 participants from 135 different organizations.”

This group offered a variety of briefings and services related to the Log4j software vulnerability that affected systems across sectors.

The ISAC also produced white papers and conducted training sessions and exercises focused on areas including ransomware. It held three in-person summits in 2021.

The H-ISAC is led by president and CEO Denise Anderson, a cyber policy veteran who also chaired the National Council of ISACs and was formerly vice president of the Financial Sector-ISAC. H-ISAC chief security officer Errol Weiss also hails from the financial sector, where he was a senior security official at Bank of America and Citigroup.

“In our inaugural annual report, you will see how Health-ISAC and the health community connect to meet our unified mission to advance physical and cyber resilience and prepare for threats and vulnerabilities to global healthcare,” Anderson said in a message leading the report. – Charlie Mitchell (cmitchell@iwpnews.com)