H-ISAC FREQUENTLY ASKED QUESTIONS

What does H-ISAC mean?

H-ISAC stands for Health Information Sharing and Analysis Center.

H-ISAC is headquartered near Kennedy Space Center in Titusville, Florida.

Mailing Address is:

226 North Nova Road, Suite 391

Ormond Beach, FL 32174

What is an ISAC?

Information Sharing and Analysis Centers (ISACs) help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency.

The concept of ISACs was introduced and promulgated pursuant to Presidential Decision Directive-63 (PDD-63), signed May 22, 1998, after which the federal government asked each critical infrastructure sector to establish sector-specific organizations to share information about threats and vulnerabilities. Some ISACs formed as early as 1999, and most have been in existence for at least ten years.

ISACs are trusted entities established by critical infrastructure owners and operators to foster information sharing and best practices about physical and cyber threats and mitigation. Typically non-profit organizations, ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness. ISACs are in the business to facilitate information, not sell it.

Most ISACs have 24/7 threat warning and incident reporting capabilities, and may also set the threat level for their sectors. And many ISACs have a track record of responding to and sharing actionable and relevant information more quickly than government partners.

ISACs have demonstrated success in providing operational services – such as risk mitigation, incident response, and information sharing – that protect critical infrastructures. Other ISAC services include annual meetings, technical exchanges, workshops, and webinars.

To maintain situational awareness across the various critical infrastructure sectors, ISACs collaborate and share threat and mitigation information with each other and other partners through the National Council of ISACs.

What does H-ISAC do?

H-ISAC is a trusted community of critical infrastructure owners and operators within the Health and Public Health sector (HPH). The community is primarily focused on sharing timely, actionable and relevant information with each other including intelligence on threats, incidents and vulnerabilities that can include data such as indicators of compromise, tactics, techniques and procedures (TTPs) of threat actors, advice and best practices, mitigation strategies and other valuable material. Sharing occurs both via machine to machine and human to human. H-ISAC also fosters the building of relationships and networking through a number of educational events in order to facilitate trust. Working groups and committees focus on topics and activities of importance to the sector and produce white papers for public sharing. Offerings such as Shared Services provide enhanced services to leverage the extensive H-ISAC community for the benefit of all.

H-ISAC is constantly engaged with external partners such as government, law enforcement, the vendor community, other ISACs and HPH associations such as HIMSS, MDISS, EHNAC and CHIME to facilitate situational awareness and inform risk based decision making to protect the HPH and other critical infrastructure sectors.

What is H-ISAC's Mission?

The mission of H-ISAC is to empower trusted relationships in the healthcare industry to prevent, detect and respond to cybersecurity and physical security events so that members can focus on improving health and saving lives.

What information is contained in an Alert?

For both physical and cyber events, alerts contain a description and analysis of the threat or vulnerability, its severity, and countermeasure solutions.

Who belongs to H-ISAC?

• Healthcare Providers – Hospitals, Clinics, Health care organizations, Physicians, Dental and Chiropractic organizations
• Pharmaceutical Organizations, Pharmacies
• BioTech Companies
• Public Health Departments
• Laboratories, Blood Banks
• Health Insurers
• Medical Device Manufacturers
• Health Technology and Security Companies Supporting the Health Sector
• Ambulatory and EMR organizations
• Home Health Care Agencies

How long has H-ISAC operated?

H-ISAC was launched in 2010 responding to the cybersecurity needs, goals and objectives of the nation’s healthcare and public health critical infrastructure.

How is H-ISAC recognized?

H-ISAC is recognized as the official ISAC for the nation’s healthcare and public health critical infrastructure by:

The U.S. Department of Health and Human Services (HHS)
The Health Sector Coordinating Council (SCC)
The National Council of ISACs
Intelligence Agencies (US Department of Homeland Security, NSA)
Law Enforcement

Why is belonging to H-ISAC so important?

Being a member of H-ISAC can extend the scope of your security department. H-ISAC is a force multiplier. Instead of you and your department of 3 or 30, you now have a department of over 4,000 Global analysts ready to send alerts 24/7.
As each member organization shares Cyber Threat Intel across the sector, the virtual landing space for malicious attackers is reduced.

How much does it cost to join?

H-ISAC’s General Membership Models, defined by the leading representatives of the nation’s health sector, is based on an organization’s business structure and annual revenues. All members receive the same services. Click here to view the varying levels of membership available.

Why is there a fee for being a member?

As with all ISACs, H-ISAC is a non-profit organization entirely led by and sustained by the private sector.
H-ISAC offers a variety of value-added cybersecurity intelligence situational awareness, information sharing, analysis and response tools which are resource intensive and cost prohibitive for many. Members receive access to many resources not readily available.

How does my organization become a member?

Click here to learn about membership in H-ISAC.

How long does it take for membership to become official?

To become accepted and activated as an H-ISAC member: (1) The organization must pass the membership challenge of being either a Covered Entity or Business Associate based on HIPAA guidelines. H-ISAC Membership Committee reserves the right to evaluate organizations admittance. (2) The Membership agreement must be signed and executed between the organization and H-ISAC (3) The organization provides H-ISAC with designated individual(s) contact information for access credentials, and (4) Once the organization’s membership payment is received, full membership is activated. This process can be completed in weeks depending on the organization’s internal processes. A usual onboarding period takes approximately 60 days from initiation of membership to receipt of fee.

What happens when my organization joins?

H-ISAC staff will conduct an on-boarding orientation meeting with your organization’s team to ensure a comprehensive understanding of H-ISAC member services.

Does any government agency have access to the database?

H-ISAC receives alerts and information from many sources, some of which are government agencies, International CERT’s as well as Global law enforcement.

H-ISAC Threat Information Sharing (TIS) Portal and member-submitted information remains the property of the H-ISAC membership. It is not shared with any outside entity. On occasion whenever a sector wide threat is apparent, de-identified cybersecurity threat and vulnerability information is shared with appropriate intelligence agencies for mitigation and incident response purposes. This information is handled in accordance with the Traffic Light Protocol.

Why is it called H-ISAC and not H-ISAO?

Information Sharing and Analysis Centers (ISACs) were created in 1998 under Presidential Decision Directive-63 (PDD-63) to advance the security of critical infrastructure/Key Resources (CIKR) sectors – those sectors deemed vital to the well being of a nation – through the sharing of information within and among the sectors and with government. Information Sharing and Analysis Organizations (ISAOs), first defined in the Homeland Security Act of 2002 are entities or organizations, public or private, formal or informal, non-profit or for-profit that voluntarily form to share information with each other and are not necessarily tied to critical infrastructure sectors.

ISACs are the original ISAOs for the critical infrastructure sectors. However, ISACs play a much bigger role in critical infrastructure protection and resilience than just sharing information. ISACs are a vital operational component in the national partnership framework. ISACs work through the National Infrastructure Protection Plan (NIPP-13) and collaborate with sector specific agencies and coordinating councils to perform structured collaboration within an established role in incident response across the CIKR. They are recognized as the designated arms for dissemination of information, manage and set the threat levels, and have strong reach and subject matter expertise within their respective sectors. ISACs are all-hazards and look at both cyber and physical. They provide a sector perspective and allow for anonymization and aggregation of data.

How do member organizations benefit from sharing with each other?

Members share on a real-time basis every single day of the week and are able to take that intelligence and use it in their environments to block attacks that may be coming their way and likewise share information they are seeing to help other members to defend their networks as well. The threat actors share information. So do we.

What is TLP (Traffic Light Protocol)?

TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. H-ISAC defines its TLP Levels here – https://h-isac.org/h-isac-tlp-definition/