H-ISAC Frequently Asked Questions

What does H-ISAC mean?
What is an ISAC?
What does H-ISAC do?
What is H-ISAC's Mission?
What information is contained in an Alert?
Who belongs to H-ISAC?
• Pharmaceutical Organizations, Pharmacies
• BioTech Companies
• Public Health Departments
• Laboratories, Blood Banks
• Health Insurers
• Medical Device Manufacturers
• Health Technology and Security Companies Supporting the Health Sector
• Ambulatory and EMR organizations
• Home Health Care Agencies
How long has H-ISAC operated?
H-ISAC was launched in 2010 responding to the cybersecurity and physical security needs of global healthcare and public health critical infrastructure.
How is H-ISAC recognized?
Why is belonging to H-ISAC so important?
Being a member of H-ISAC can extend the scope of your security department. H-ISAC is a force multiplier. Instead of you and your department of 3 or 30, you now have a department of over 4,000 Global analysts ready to send alerts 24/7.
As each member organization shares Cyber Threat Intel across the sector, the virtual landing space for malicious attackers is reduced.
How much does it cost to join?
H-ISAC’s General Membership Models, defined by the leading representatives of the nation’s health sector, is based on an organization’s business structure and annual revenues. All members receive the same services. Click here to view the varying levels of membership available.
Why is there a fee for being a member?
H-ISAC offers a variety of value-added cybersecurity intelligence situational awareness, information sharing, analysis and response tools which are resource intensive and cost prohibitive for many. Members receive access to many resources not readily available.
How does my organization become a member?
Click here to learn about membership in H-ISAC.
How long does it take for membership to become official?
What happens when my organization joins?
Does any government agency have access to the database?
H-ISAC receives alerts and information from many sources, some of which are government agencies, International CERT’s as well as Global law enforcement.
H-ISAC Threat Information Sharing (TIS) Portal and member-submitted information remains the property of the H-ISAC membership. It is not shared with any outside entity. On occasion whenever a sector wide threat is apparent, de-identified cybersecurity threat and vulnerability information is shared with appropriate intelligence agencies for mitigation and incident response purposes. This information is handled in accordance with the Traffic Light Protocol.
Why is it called H-ISAC and not H-ISAO?
How do member organizations benefit from sharing with each other?
What is TLP (Traffic Light Protocol)?
TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. H-ISAC defines its TLP Levels here – https://h-isac.org/h-isac-tlp-definition/