September newsletter highlights include:

  • – Upcoming H-ISAC Summit updates
  • – H-ISAC Board of Directors election information
  • – H-ISAC and HSCC call to participate in the Joint Cybersecurity Working Group
  • – H-ISAC Products & Services Satisfaction Survey
  • – H-ISAC Shared Services updates – Third Party Risk Scoring with Security Scorecard
  • – Upcoming workshops and webinars


Pdf version

September 2020.


Plain Text version:


H-ISAC European Summit

Postponed to 2021

With so many H-ISAC member organizations on continued travel restriction surrounding COVID-19, the Health-ISAC Summit Committee has made the difficult decision to postpone this year’s European Summit, which was scheduled to commence next month 20-22 October in the Netherlands. Health-ISAC Events staff are working hard on logistics to change this Summit and the new dates in 2021 will be announced soon. Thank you to all those who turned in presentations and sponsorships; you will be contacted shortly with important information.


H-ISAC Hybrid Fall Summit

Join Health-ISAC for its First Hybrid Summit—both Virtual & In-Person

H-ISAC is excited to bring the best of both worlds to the November 30—December 4 Fall Summit. Those able to travel are invited to come to Phoenix, Arizona for in-person sessions and those with travel restrictions will be able to participate using a new virtual platform.

The Summit Committee is diligently reviewing paper submissions and presenters will be notified September 14. Look for registration to open mid-September.


H-ISAC Board Elections


This year’s Health-ISAC Board election nominations are now closed. Ballots will open for voting in early October. As mentioned in last month’s newsletter, the POC from each member organization will vote on the proposed slate of candidates prepared by the Nominating Committee and approved by the Board.

Board Elections are an opportunity to step forward and make a difference. Serving on the Health-ISAC Board is a position to be an advocate for security maturity both within your own organization and for the global health and public health critical infrastructure. Board members can provide opportunities and circumstances that take down barriers and make it easier to collaborate and share for the benefit of all organizations within the healthcare sector and the patients they serve.

Prepare Now for Next Year’s Elections

The best way to become eligible as a Board candidate is to raise your hand and get involved. H-ISAC seeks senior leadership members who participate in working groups, attend and present at H-ISAC Summits and workshops, contribute to the shared data, and respond to member questions on our communication platforms. Each Board member is comprised of a plethora of different work experiences and contributes a vital service to the H-ISAC community.



Call to Aid Development of Actionable Best Practices for Healthcare Subsectors

Many H-ISAC members are involved with the Health Sector Coordinating Council (HSCC), a U.S. federal advisory committee established to work collectively with the government to address policy and strategic challenges shared across all 6 of the critical healthcare subsectors – Direct Patient Care; Health Information Technology; Health Plans & Payers; Labs, Blood & Pharmaceuticals, Mass Fatality Management Services; and Medical Materials.  H-ISAC and HSCC are considered complementary functions for critical infrastructure  protection – H-ISAC for tactical and operational preparedness and response, and HSCC for longer-term strategic and policy thinking.

Actionable best practices and recommendations are continually being developed by the HSCC Joint Cybersecurity Working Group (JCWG) to improve the security and resiliency of the sector. The success of on-going projects is defined by the time and human capital an organization is willing to commit.  The JCWG has produced 10 guidance documents
and 5 policy letters in the past 18 months ( with several more in the pipeline for publication before the end of the year.

Please participate in this important responsibility. For more information about task group objectives and membership expectations, please request information within /contact/.



  H-ISAC Products & Services Satisfaction Survey

H-ISAC is currently asking for input regarding current services. Please take the 2020 P&S Satisfaction Survey at Additionally, if you are interested in new products or services for
education, medical device security, or third-party risk, please take the appropriate survey on the H-ISAC Portal.


Third-Party Risk Scoring Update
— SecurityScorecard

 H-ISAC members are eligible for complimentary access to

See the details at, Since the
launch in April, 42 members have signed up. The following are
H-ISAC consolidated statistics due to the use of SecurityScorecard:

Average Vendors Followed by Members 93
Total Vendors Followed by Members 2,242
Average Issues Resolved by Followed Vendors 4,983
Total Issues Resolved by Followed Vendors 579,978
Average Followed Vendor Score Improvement (30 days) 1.8% / .7 Pts
Average Followed Vendor Score Improvement (60 days) 3.0 % / 1.2 Pts


 Shared Services Webinar

How Blue Cross and Blue Shield of Kansas City
Broke Down Their TPRM Silos with Prevalent

Webinar date: September 17th at 1pm ET

Registration link:




Find registration links here

H-ISAC Navigator Webinar

How to Stay Ahead of Maze and WastedLocker
Ransomware by SafeBreach

Webinar date: September 16 at 1pm ET

Registration link:


Cyber-Risk Planning Workshop: Remote Care

September 17th at 11am-1pm ET  

AEHIS/CHIME and H-ISAC are hosting a Virtual Cyber-Risk Planning
Workshop on Remote Care for members across both organizations.


H-ISAC European Council Webinar Series

September 11 at 11am GMT

The theme is Red Teaming and will explain the use of Bloodhound to
identify & remediate security gaps.


H-ISAC Webinar: Cybersecurity Resilience in the World of COVID-19

September  18 at 1pm ET

In this H-ISAC webinar, experts discuss real world security experience during the pandemic.


H-ISAC Virtual Security Workshop—Germany

Two Half day sessions September 23/24

Data privacy regulations in Germany;KRITIS 2.0 lessons learned; Healthcare security and Medical Device regulations.











Translate »