Health-ISAC Frequently Asked Questions
What does Health-ISAC mean?
What is an ISAC?
What does Health-ISAC do?
What is Health-ISAC's Mission?
What information is contained in an Alert?
Who belongs to H-ISAC?
• Pharmaceutical Organizations, Pharmacies
• BioTech Companies
• Public Health Departments
• Laboratories, Blood Banks
• Health Insurers
• Medical Device Manufacturers
• Health Technology and Security Companies Supporting the Health Sector
• Ambulatory and EMR organizations
• Home Health Care Agencies
How long has Health-ISAC operated?
Health-ISAC was launched in 2010 responding to the cybersecurity and physical security needs of global healthcare and public health critical infrastructure.
How is Health-ISAC recognized?
Why is belonging to Health-ISAC so important?
Being a member of Health-ISAC can extend the scope of your security department. Health-ISAC is a force multiplier. Instead of you and your department of 3 or 30, you now have a department of over 4,000 Global analysts ready to send alerts 24/7.
As each member organization shares Cyber Threat Intel across the sector, the virtual landing space for malicious attackers is reduced.
How much does it cost to join?
Health-ISAC’s General Membership Models, defined by the leading representatives of the nation’s health sector, is based on an organization’s business structure and annual revenues. All members receive the same services. Click here to view the varying levels of membership available.
Why is there a fee for being a member?
As with all ISACs, Health-ISAC is a non-profit organization entirely led by and sustained by the private sector.
Health-ISAC offers a variety of value-added cybersecurity intelligence situational awareness, information sharing, analysis and response tools which are resource intensive and cost prohibitive for many. Members receive access to many resources not readily available.
How does my organization become a member?
Click here to learn about membership in Health-ISAC.
How long does it take for membership to become official?
To become accepted and activated as an Health-ISAC member: (1) The organization must pass the membership challenge of being either a Covered Entity or Business Associate based on HIPAA guidelines. Health-ISAC Membership Committee reserves the right to evaluate organizations admittance. (2) The Membership agreement must be signed and executed between the organization and H-ISAC (3) The organization provides Health-ISAC with designated individual(s) contact information for access credentials, and (4) Once the organization’s membership payment is received, full membership is activated. This process can be completed in weeks depending on the organization’s internal processes. A usual onboarding period takes approximately 60 days from initiation of membership to receipt of fee.
What happens when my organization joins?
Health-ISAC staff will conduct an on-boarding orientation meeting with your organization’s team to ensure a comprehensive understanding of Health-ISAC member services.
Does any government agency have access to the database?
Health-ISAC receives alerts and information from many sources, some of which are government agencies, International CERT’s as well as Global law enforcement.
Health-ISAC Threat Information Sharing (TIS) Portal and member-submitted information remains the property of the Health-ISAC membership. It is not shared with any outside entity. On occasion whenever a sector wide threat is apparent, de-identified cybersecurity threat and vulnerability information is shared with appropriate intelligence agencies for mitigation and incident response purposes. This information is handled in accordance with the Traffic Light Protocol.
Why is it called Health-ISAC and not Health-ISAO?
How do member organizations benefit from sharing with each other?
What is TLP (Traffic Light Protocol)?
TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. Health-ISAC defines its TLP Levels here – https://h-isac.org/h-isac-tlp-definition/