View full newsletter here [pdf-embedder url=”” title=”October 2019″]

October 2019 Member Newsletter Highlights

Registration for the H-ISAC
European Summit closes
9 October 2019.

Don’t Miss This Panel of Law Enforcement Experts at the European Summit 

Keynote Description:
Our international panel of law enforcement professionals from the FBI Cyber Division and the UK National Crime Unit will be moderated by a Shadowserver special projects manager whose background includes investigating for London Metropolitan Police and the National Crime Agency (NCA). Learn about recent cybercrime investigations that resulted in the disruption of malware responsible for fraud losses and data breaches across the healthcare sector.

The panel will use real-world case studies to demonstrate how pervasive and destructive malware is, reconstruct the investigation timelines, discuss lessons learned, areas for improvement and opportunities for the healthcare sector to participate in future actions.

Register here:



NEWLY ADDED EVENT: H-ISAC Threat Intelligence Workshop at the H-ISAC Security Operations Center (SOC) in Titusville Florida, to be held November 4, 2019.
More information coming to our website soon


H-ISAC released a new paper entitled 
“Identity for the CISO Not Yet Paying Attention to Identity.”  

The paper lays out why many CISOs are starting to change their mindset on their role in identity, how an identity-centric approach to cybersecurity can improve risk reduction, and what CISOs can do to get started.

This paper is the first of a new H-ISAC series designed to provide CISOs – and the broader health community – a holistic guide on how to best approach Identity and Access Management (IAM) and its role in managing cybersecurity risk.

The series will:  Provide an explanation of key concepts, Outline a framework and best practices, Investigate the various identity solutions, and Highlight the aspects of effective implementation.

Download the first paper today at:

If you have thoughts or feedback on this paper, please complete a short survey here: or send your input to In particular, if there are aspects of the paper that would benefit from further elaboration in future papers, your input will be vital to shaping the
direction of the series.


New H-ISAC Working Group:

Please join us in launching this newly created Data Protection Working Group in the quest to share, collaborate and learn about information protection in this modern world.

Now more than ever, data protection professionals need to reinvent their approach to protect their organization’s data. Increase in regulatory scrutiny, privacy laws, emphasis on 3rd party/4th party managed data and now data in the Cloud to allow ease of collaboration/accessibility are factors that challenge traditional information protection methods.  “Rethink and Retool” is the new approach to information protection in the modern world.

The group will meet the last Thursday of every month at 11:00 am ET and in person at the H-ISAC Fall Summit December 3rd from 9 – 10 am.

To join the group, send an email request to:



Information Sharing Resources for Small, Medium and Large Healthcare Entities
and Medical Device Manufacturers

The new Healthcare Cybersecurity Matrix of Information Sharing Organizations (HIC-MISO) helps organizations of all sizes identify information sharing resources and what services they have available. This printable resource simplifies the process of finding information sharing organizations and information feed sources that best fit their environment. The Matrix toolkit defines the Broadcast and Collaborative types of information sharing available from public resources, ISACs and ISAOs.

H-ISAC Chief Security Officer, Errol Weiss, serves as co-chair for the Health and Public Health Sector Coordinating Council (HSCC) task force that created the Matrix resource. In an interview with Marianne Kolbasuk McGee of Information Security Media Group, Weiss describes how this resource assists healthcare organizations to build awareness and preparedness by allowing quick navigation to the various sources so organizations can find information feeds that best fit their size, needs and security maturity level.

The interview is available in this link

Smaller healthcare entities will find free resources available to bolster their information security stance and help assess their security maturity level to understand what processes they need to have in place to absorb information feeds to use in their environment. Medical Device organizations will find several information feeds listed for medical device security from both the public and private sectors.

Healthcare organizations are encouraged to treat HIC-MISO as a living document; therefore, Healthcare and Public Health Sector Coordinating Council welcomes additional information to add to this matrix on the HSCC website.

The current HIC-MISO is located here  and a Printable pdf version of HIC-MISO is available here


Translate »