Free internet-facing Vulnerability Scanning  service from DHS CISA for H-ISAC members

During this critical time of our Nations’ Healthcare Sector, DHS Cybersecurity & Infrastructure Security Agency (CISA) has partnered with H-ISAC to make available a free, continuous vulnerability scanning service to assess the security of internet facing networks of any H-ISAC member organization interested in enrolling in the service.
CISA’s “Cyber Hygiene” is a Vulnerability Scanning service that helps secure internet-facing systems from weak configurations and known vulnerabilities, and encourages the adoption of modern security best practices. CISA will perform regular network and vulnerability scans and deliver a weekly report for action by the individual H-ISAC member organization.


The Cyber Hygiene service is highly automated and requires little direct interaction.
Here’s a summary of the process to get started:


  • H-ISAC member sends enrollment request to CISA
  • CISA will validate the request and send a scanning agreement to the H-ISAC member
  • H-ISAC member completes scanning agreement and returns to CISA
  • Automated scans will start within 72 hours
  • H-ISAC member will begin receiving reports in 7 to 10 days (any critical findings will be delivered within one business day)
CISA will not share the scanning results without written and agreed consent from the H-ISAC member organization. CISA uses anonymized data to develop non-attributed reports for trending and analysis purposes.
For more information, please see the attached one page informational brochure.


To enroll, send an email to and include a cc to so H-ISAC can confirm you are an H-ISAC member.  In your email to DHS, be sure to include you are a healthcare firm with active stakes in the COVID-19 response.
CyHy Vulnerability Scanning

Translate »