May’s Newsletter features:

  • – Interview with H-ISAC’s CSO, Errol Weiss, on leveraging the H-ISAC Community during COVID-19
  • – PERCH Webinar
  • – Three Offerings of Healthcare Security Resources: Security Assessment Tools, Self Assessments, and Vulnerability Scanning
  •  – Upcoming Events


May 2020


Leveraging the H-ISAC Community

COVID-19 Response Spurs Security Offerings and Increased Member Sharing 

A conversation with H-ISAC Chief Security Officer, Errol Weiss



What H-ISAC membership offerings have resulted to support COVID-19 response?

H-ISAC has been working with a number of partners to bring additional, high value services to the H-ISAC membership. I know how busy everyone is working in this “new normal” and that many of our members are also being approached by vendors with new and free offers. We’re carefully reviewing any services we bring to the H-ISAC membership, to be sure
those services are an effective mechanism to quickly help improve security for the
healthcare sector.

In terms of what we’ve done recently, we’ve announced new partnerships and offerings from RiskRecon and SecurityScorecard, a free subscription to Flashpoint’s intelligence services, intelligence reports from FireEye, RiskIQ, and LookingGlass, plus additional COVID-19 physical security and situational awareness reporting from our intelligence partner GRF.

We host a Friday afternoon member-only webinar to share IT and infosec challenges and experiences dealing with the COVID-19 pandemic response. A panel of experts from the healthcare sector discusses their experiences and takes Q&A from audience members.

Image showing people talking during a happy hour reception

H-ISAC captures these best practices and threats and shares with membership. Some topics include:

Has information sharing increased or decreased during this challenging time?

Information sharing has exploded during the pandemic response. Information security researchers and cyber threat intelligence professionals have banded together to help the healthcare sector deal with cyber threats like ransomware, phishing and malware. These volunteers were motivated into action after seeing hospitals and other healthcare providers still being targeted by ransomware during the pandemic response. H-ISAC is working closely with several of these volunteer groups, including the CTI League and the Cyber Threat Coalition to obtain Indicators of Compromise (IOCs) associated with new attacks and to learn about companies that may have been compromised The IOCs are shared automatically with H-ISAC members and victims are notified so they can take corrective actions.


What message would you like to get out to our membership today?

We’re all certainly operating in unprecedented times due to the pandemic response. I would remind everyone to leverage the community of H-ISAC. Your peers are a wonderful resource for learning about new attacks, threats and best practices. Get involved in the H-ISAC organization and I guarantee you’ll benefit by getting even more out of it than you put in.



WEBINAR— Threat Detection for the Rest of Us with Perch

H-ISAC and Perch have teamed up to provide a community threat platform just for H-ISAC members. Join this webinar to learn how you can have a first-class threat detection platform complete with SOC support for a fraction of the cost of leading solutions.

Save the date of May 28 at 11:00AM ET.

Registration details coming soon. Go to for more information.



Three Offerings of Healthcare Security Resources:

Security Assessment Tools, Self Assessments, and Vulnerability Scanning


1. RiskRecon Assessment Tool

RiskRecon, a Mastercard company, is offering any healthcare organization free access to their assessment tool through the end of 2020. Firms that need help understanding the security of their digital footprint can use RiskRecon to quickly identify weaknesses and receive recommendations to mitigate those concerns. RiskRecon can also be used to assess the security of critical third-party suppliers.


2. SecurityScorecard Continuous Self-Assessments

SecurityScorecard recently partnered with H-ISAC to assist members with security needs. The SecurityScorecard offering also provides members the ability to perform continuous self-assessments of their environment and critical suppliers.


Both of these offerings can help members quickly assess the security of their external network environment. SecurityScorecard and RiskRecon have both made the enterprise-grade version of their products available for H-ISAC members — providing an effective method for organizations to identify security gaps in their network. Member organizations that have not implemented external perimeter scans of their network, can take advantage of these offers, especially during the pandemic response, in order to improve their security posture.


3. CyHy Vulnerability Scanning Service

Working with the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), H-ISAC members can take advantage of the Cyber Hygiene (CyHy) Vulnerability Scanning Service. CyHy provides for proactive identification of vulnerabilities that could be exploited by a malicious actor. There is no cost for the service and runs continuously with weekly reports and ad-hoc alerts as needed.







H-ISAC SECURITY WORKSHOP…..September 16—Greenwood Village, Colorado; USA

H-ISAC CYBER THREAT INTEL TRAINING…..September 22-24—Titusville, Florida; USA

H-ISAC SECURITY WORKSHOP…..September 23&24—Forchheim; Germany

H-ISAC SECURITY WORKSHOP…..October 27—Mounds View, Minnesota; USA

H-ISAC SECURITY WORKSHOP…..October 29—Seattle, Washington; USA

H-ISAC FALL SUMMIT…..Nov 30 – Dec 4—Phoenix, Arizona; USA





HEALTHCARE CYBERSECURITY FORUM…..September 9—Nashville, Tennessee; USA

ENISA TRUST SESRVICES FORUM and CA DAY 2020…..September 22&23— Schloßplatz Berlin, Germany

HEALTHCARE CYBERSECURITY FORUM…..September 22—Boston, Massachusetts; USA

THE MEDTECH CONFERENCE…..October 5-7 – Toronto, Canada


NCHICA AMC SECURITY & PRIVACY CONFERENCE…October 21&22—Durham, North Carolina; USA

CYSEC 2020 new dates!…October 27&28—Dubrovnik; Croatia

HEALTHCARE CYBERSECURITY FORUM…October 28 – Seattle, Washington; USA

HEALTHCARE CYBERSECURITY FORUM…November 12—Los Angeles, California; USA

Translate »