Health-ISAC Monthly Newsletter - February 2023 - Health-ISAC - Health Information Sharing and Analysis Center

Newsletter Features:

APAC Summit – Registration Open and Agenda available
1st Workshop for 2023 – Prague Recap
Spring Americas Summit – CFP is still open don’t miss out on the opportunity to share your knowledge
Member Service Spotlight — HITS
European Workshop and Inaugural Hobby Exercise — April 19th and 20th in Dublin, Ireland hosted by ICON…Register Today
Podcast — Phil Englert speaks on Medical Devices and 3rd Parties
Upcoming Events — Webinars

Pdf version:

2023 February final

Text version:

Don’t Miss Out on Earlybird Registration for the APAC Summit – Now Open!

Collaborate, Connect, and Inform
March 21-23, 2023!

We have several great topics. Here are a few to peak your interest:

– Regulatory Intelligence & Regulatory Change Management
– How to handle 50+ CVEs per day – designing an efficient vulnerability evaluation process for a large product portfolio
– Cybersecurity Management Service – Product Security Transparency for Healthineers and its Customers
– Practical machine learning applications in a SOC environment
– Hacking Healthcare Presents: International Healthcare Data Sharing and Incident Response Preparation.

Attendees continually rate Health-ISAC Summits as excellent for content and the high level of networking. Be part of Health-ISAC’s commitment to strengthen the global healthcare sector.

* * * * *

PRAGUE WORKSHOP HIGHLIGHTS

Health-ISAC started the year in the Czech Republic with a Healthcare Cybersecurity Workshop in Prague on 12 January, hosted at MSD. Forty healthcare security peers gathered to learn and share mitigation strategies and connect within a trusted environment.

Freshly energized attendees spoke about the workshop on LinkedIn:

It was a very enriching experience thanks to participants from both the Private & Public sectors. My main take away is that by sharing valuable
information with each other we all get stronger, and with that we manage to serve our patients better.
The day was excellent. A huge shout out to Health-ISAC, as all I heard throughout the day from all the attendees is that every company should be a part of this organization.
Please consider sharing your best practices as a speaker or hosting a workshop at your facility. March and April locations include California and Ireland. Learn more here https://h-isac.org/events/.

* * * * *

Health-ISAC’s new logo and brand dynamically highlights our commitment to making global healthcare stronger and safer through trusted connections.

View it here: https://h-isac.org/health-isac-introduces-new-logo-and-branding/

* * * * *

Strike Back Spring Americas Summit

May 9-11, 2023, in Florida

Do you have a case study or relevant topic that will “strike” the Health-ISAC Community? Submit your abstract today to share it in May.

Submit here:

https://www.cvent.com/c/abstracts/357495e5-7573-4aad-968a-dc70fe0240af

Attendee feedback on what want they to hear:

NIST CSF and supporting guidelines, standards, assessments * Supply chain security * Brand protection / brand fraud (i.e., spoofed AR remittance websites and emails) * OT * Lab security * Case studies covering how an issue was tackled and the results * Cyber insurance * CTI or IR * Zero trust from the perspectives of core strategy / philosophy, operating principles and resource access * Business contingency and resiliency.

* * * * *

AUTOMATED SHARING

Service Spotlight –

Indicator Threat Sharing

Health-ISAC Indicator Threat Sharing (HITS) is a real-time exchange of cyber threat indicators to mitigate potential threats against critical organizational assets and infrastructure.

HITS allows members to easily connect and quickly share cyber threat intelligence through machine-to-machine automation. Multiple threat feeds are available for Members to ingest into their environment. Members share indicators observed in their environment with the Health-ISAC community, which strengthens the entire sector.

Get started https://h-isac.org/automated-feed-transition/

* * * * *

WORKSHOP AND INAUGURAL EUROPEAN HOBBY EXERCISE

Health-ISAC Healthcare Cybersecurity Workshop, hosted by ICON

Location: Dublin, Ireland
Day: Wednesday, April 19
Time: 09:30 am – 4:30 pm IST

Join other stakeholders in the healthcare cybersecurity community to share, network, and learn. These workshops provide an opportunity for healthcare professionals to:

– Share best practices, lessons learned, and new ideas & solutions with other Members
– Meet and build relationships with your colleagues
– Take information and lessons learned to implement and incorporate at healthcare organizations

Topics include:

OT Security
Security Awareness
Information Sharing

Inaugural European Exercise

On April 20, Health-ISAC will also conduct it inaugural European Exercise in Dublin. Similar to the annual Hobby Exercise, it will identify gaps and increase healthcare sector resiliency.

Learn more about the exercise in this video:

https://youtu.be/x000WoOtySk

* * * * *

COLLABORATIVE EXERCISE

Health-ISAC staff had the opportunity to observe the annual incident response tabletop exercise of Member CRISP Shared Services (CSS).

The January 17, 2023, cyber attack scenario exercise was designed to test CSS’s incident response plan and included CSS stakeholders and Electronic Health
Information Exchange (HIE) partners.

The facilitated exercise began with business as usual with increasing impacts through recovery efforts and lasted four hours.

Other observers included HHS/HC3, CISA, and designated Microsoft contacts.

* * * * *

PODCAST – MED DEV & THIRD PARTY RISK

Phil Englert, Director of Medical Device Security for Health-ISAC, discusses the industry’s concerns regarding third party vendors and medical devices.

The Collective Voice of Health IT, A WEDI Podcast – Episode 87 link to podcast: https://www.listennotes.com/podcasts/the-collective/episode-87-third-party-yRWwEpqMBU8/https://www.listennotes.com/podcasts/the-collective/episode-87-third-party-yRWwEpqMBU8/

* * * * *