April’s Newsletter features:

  • – Health-ISAC’s 2021 Spring Hybrid Summit
  • – Highlight from a recent H-ISAC Ransomware Preparedness Tabletop Exercise (TTX) — added new benefit for members
  • – Security Awareness Best Practices
  • – What is in a Score? Health-ISAC’s TOC and Membership Engagement Team have been working together by using security ratings to benchmark the cybersecurity programs of Health-ISAC members
  • – Upcoming Virtual Events/Webinars


Pdf version:

April 2021


Text version:

April 2021 Member Newsletter


Here’s the top 10 articles from the DCH:

$4,000 COVID-19 Relief Checks Cloak Dridex Malware

Mimecast Reveals Source Code Theft in SolarWinds Hack

FBI: Over $4.2 Billion Officially Lost to Cybercrime in 2020

Report: 25% of UK Workers Let Their Children Use Their Work Device

Exchange Servers First Compromised by Chinese Hackers Hit with Ransomware 

Hackers Hiding Supernova Malware in SolarWinds Orion Linked to China

Kremlin Calls NYT Report on Planned US Cyberstrikes on Russia Alarming

Virginia Consumer Data Protection Act Signed into Law

Microsoft Exchange Zero-Day Attacks: 30,000 Servers Hit Already, Says Report

FTC Joins 38 States in Takedown of Massive Charity Robocall Operation


Ransomware Preparedness Tabletop Exercise (TTX)


Exercise Overview

Health-ISAC recently planned and conducted a ransomware preparedness virtual tabletop exercise with a member. The four-hour exercise consisted of 70+ participants engaged in both plenary and breakout group discussions focused on response to a ransomware attack. The desired outcomes of the exercise were in part to gain perspective on incident response, identify potential gaps, and learn from others to improve processes and procedures.

Quote 1

 “Our team really got a lot of value from this tabletop exercise and we appreciated the relevance of the scenario to our general location and cyber threats.  It would be helpful to do these somewhat regularly – altering the scenarios according to threat landscape.  Not only does it give us a chance to build up playbooks for incident response by being guided through a potential attack, but it gives us the chance to discuss the topics with our peers within [our organization] in a way that is useful.

Quote 2

“This was a fantastic exercise that spawned a lot of “what if” and “do we have” and “what would you do” conversations amongst our team. We came away with several action items to help enhance our
preparedness for Incident Response.”

With the success of this pilot exercise, Health-ISAC will be offering a TTX as a service for members in the future. Interested members may contact the member engagement team to learn more at membership@h-isac.org using the subject line: ‘TTX as a service.’



HEALTH-ISAC Hybrid Spring Summit

Secured in ParadiseMay 18-20, 2021

View the Agenda

Thank you to everyone who submitted an abstract for consideration. We had quality submissions from both members and vendors. Our Content Committee reviewed, rated and selected a great line up of sessions for the upcoming Spring Hybrid Summit.

View the full agenda here (https://cvent.me/eXbe3G)


Virtual Platform

“Secured in Paradise” official dates are May 18-20 but why wait?  The Virtual Platform will become available to registered attendees on May 3. Begin networking with other attendees. Schedule 1:1 meetings. Explore and watch as the platform grows and evolves leading up to the event kick-off. Get a head start on earning game points for fantastic prizes!


Member Round Tables

Back by popular demand!  Member Round Tables are small group discussions meant to be detailed and technical. Seats are limited. Registered members will have the opportunity to select which Round Tables they wish to attend when the virtual platform opens on May 3. These sessions fill up quickly.




Security Awareness Best Practices

By: Joshua Justice & Brad Regeski, Health-ISAC Threat Operations Center


Security Awareness Training campaigns are effective resources for educating your employees about common phishing tactics, techniques, and procedures. When developing your training, be mindful to: 


  • – Work with stakeholders to identify the specific areas of concern to your organization.
  • – Develop a calendar of activities to address top concerns and risk factors through awareness training and phishing campaigns designed to equip your team with the knowledge they need to combat threats.
  • – Set reasonable, incremental goals and be prepared to make changes if initial approaches fail to produce positive results.
  • – Practice regular, on-going assessments and training.
  • – Ensure security is a collective responsibility; ensure your awareness training is inclusive of all people, processes, and technologies.
  • – Deliver content that engages the audience and provides a foundation for a memorable training activity.
  • – Include a corrective landing page and/or instructional video that launches at the conclusion of a simulated phishing attack.
  • – Avoid the use of any copyrighted material and/or logos as lures used in internal employee phishing campaigns.  Reinforce that any third-party logo is for illustrative or instructional purposes only.
  • – Put metrics in place to assess the impact of your program and to demonstrate a return on investment.
  • – Provide opportunities for self-paced cybersecurity training for individuals who seek to develop their knowledge on emerging threats.


Successful security awareness training tools focus on the overall goal and mission. Developing behavioral change and increasing engagement will foster a culture of cybersecurity and transform your awareness training from an annual event into a sustainable corporate culture with demonstrable returns.






Health-ISAC’s TOC and Membership Engagement Team have been working together by using security ratings to benchmark the cybersecurity programs of Health-ISAC members.  By allowing us to see how organizations compare to others, and also how each health subsector within H-ISAC measures up, we hope to identify additional ways to help improve your cybersecurity hygiene.

The average Health-ISAC member scores on March 25th:

All Health-ISAC members are entitled to a complimentary SecurityScorecard Enterprise license that enables you to monitor yourself and up to five third parties. To take advantage of the offer and see how you stack up to your peers, contact Health-ISAC Shared Services.
Link: https://securityscorecard.com/h-isac.


“SecurityScorecard is the market leading provider of Cyber Risk Ratings. With over 3 million companies scored, (20 Million by the end of 2021), SecurityScorecard is the only True Continuous Monitoring Solution on the market (number one according to both Gartner and Forrester) that lets you monitor and grade the External Cybersecurity Posture of ANY organization (their scores have a statistically relevant correlation with breach risk). Customers leverage SecurityScorecard’s solution to support a variety of use-cases that include, but are not limited to, Vendor Risk Management / Supply-Chain Risk Management, Enterprise Monitoring and Regulatory Compliance.” 

Request access here https://h-isac.org/ssc-offer/




UPCOMING HEALTH-ISAC WEBINARS registration links https://h-isac.org/events/



Security and Compliance Weekly Episode #68

Hosted by Jeff Mann
Featuring Errol Weiss, Health-ISAC Chief Security Officer

On April 06, 2021 at 12:00 Noon to 1 pm EDT, join Health-ISAC’s CSO, Errol Weiss to hear the latest and greatest information about ISACs and information sharing.

Click here to view the podcast:  https://securityweekly.com/scw68




Protect Against DDoS and Ransomware Attacks as They Grow in Complexity

A Health-ISAC Navigator Webinar by NetScout

Register now at




Shared Services Webinar


H-ISAC Member Discussion: CVSS & Staffing for Threat and Vulnerability Management Program


Monday, April 12th at 11:00 am – 12:00 pm ET

This webinar is for current H-ISAC Members Only.

The registration link will be sent via email to the Members List – Subject: H-ISAC Announcements




The Criticality of Lateral Movement Detection


A Health-ISAC Navigator Webinar by Attivo

Thursday, April 15th at 10:00 am PST / 1:00 pm EST

Register now at






Translate »