All NH-ISAC Members are welcome to participate in the NH-ISAC Working Groups. If you are an NH-ISAC Member and would like to form a Working Group or for additional information on the Working Groups listed below, please email us at firstname.lastname@example.org.
Threat Intelligence Committee
The Threat Intelligence Committee (TIC) is responsible for looking at the cyber threat landscape for the health and public health (HPH) sector and developing strategic direction for the ISAC community to anticipate and prepare for threats. The TIC helps facilitate the planning, coordination, collection, trending, processing and analysis, production of white papers and other materials and dissemination of primarily cyber threat intelligence for the HPH sector through engagement with internal and external stakeholders. The NH-ISAC Threat Intelligence Committee will:
- Define information sharing services for peer-to-peer, hub-and-spoke, and source subscriber threat intelligence sharing models including situational awareness, real-time cyber defense, and threat analysis
- Develop standardized representations for campaigns, threat actors, incidents, tactics techniques and procedures (TTPs), indicators, exploit targets, observables, and courses of action
- Develop tools and technologies to protect subscribers
- Develop a long term vision to shift from reactive to proactive analytics and best cyber practices
Medical Device Cyber Security Information Sharing Council (MDCSISC)
The National Health Information Sharing and Analysis Center (NH-ISAC) established the Medical Device Security Information Sharing Council (MDSISC) on October 1, 2015. The mission of the MDSISC is to bring together stakeholders in the medical device security arena to develop solutions, identify best practices and facilitate the exchange of information that will result in a more efficient and secure use of medical devices and related practices.
Membership is open to medical device manufacturers and stakeholders of the medical device security community that conduct their activities consistent with NH-ISAC’s Operating Rules including Non-Disclosure Agreement, health industry regulations and best practices, and the highest ethical standards.
Emergent Healthcare Identity and Authentication (EHIA)
The EHIA will establish expectations for functionality of healthcare identity and authentication with the NH-ISAC membership and identify industry activities that are furthering this work. Overlapping, conflicting or missing capabilities will be tracked.
NH-ISAC and membership will then identify opportunities to influence activities to create a more harmonized model. We will align with the goals of the 2011 Presidential Directive for a National Strategy for Trusted Identities in Cyberspace (NSTIC).
Cloud Security Working Group
This new working group strives to bring together stakeholders in the health care security arena to develop solutions, identify best practices and facilitate the exchange of information that will result in a more efficient and secure use of cloud services and related practices. Goals include: Share ideas, white papers and new ways of working with cloud providers • Certifications, Checklist/Guidelines/Crosswalk for adoption or participation • Focus on and update management and specific laws or regulations • A CYBERFIT assessment for members to use for cloud adoption highlighting security gaps
Provider Special Interest Council
The purpose of this work group is to find innovative ways to improve cybersecurity while not impeding patient care to lower the risk to the organization that may be vulnerable to attacks by the former employees, contractors, or potential hackers who look to compromise critical systems and steal health records. The goals of the Provider Working Group are to share ideas and generate white papers as well as new solutions to address the new technology within the provider community. Focus areas include: Establish (or adopt) a minimum standard for cybersecurity, Establish standards for tele health technology, Assist with supporting the smaller provider organizations, Increase the share of methods for cybersecurity and data protection, Develop patient/employee friendly cybersecurity approaches, and Assist with training and awareness campaigns
Business Resiliency Committee (BRC)
The overall goal of the working group BRSM is for members to share ideas, best practices, experiences and program success and challenges. In addition, the group will discuss and propose potential solutions and approaches to the opportunities presented and challenges faced in the ever-changing operational and technology landscapes. An example discussion would be integrating new offshore operations offices into a strategic continuity plan. Another example would be developing resiliency plans and appropriate recovery security protections for cloud solutions integrated into the technology stack. BRSM is intended to address the needs, issues and challenges small and medium healthcare entities face in building resiliency in respect to business continuity, disaster recovery, major incident response and crisis management.
Cybersecurity Education and Awareness Committee
The purpose of this new working group is to develop a mechanism whereby members can share ideas and tangible assets that can be leveraged to support the cybersecurity education and awareness programs of our NH-ISAC member community.
Payer Special Interest Council
The purpose of the Payer Special Interest Council is to connect large and small insurance carriers to collaborate and share risk-based cybersecurity and anti-fraud strategies while reducing control impact to the business. We will discuss control frameworks, vendor tools, templates, and other non-proprietary information that can help combat and prevent cyber and fraud risks. Goals include: Development of white papers on cybersecurity approaches and best practices/awareness training, Share/exchange tactics and broad strategies that make material differences in the involved payer organizations and Assist with supporting smaller payer organizations. Focus areas include: Differentiating and addressing Payer vs. Provider cyber/fraud risk, Risk-based strategic and tactical safeguards/frameworks/programs, Control implementation and impacts to the business, Anti-Fraud mitigation strategies – Special Investigation Units (SIU), Tools and vendor feedback, Regulatory items (HIPAA, PCI, etc.) and Current threats/vulnerabilities.
Cybersecurity Analytics Development Working Group
The mission of this working group is to establish formal public/private collaboration comprised of healthcare industry information security leaders committed to the development of advanced threat detection methods. This effort represents a crowdsourced approach to cybersecurity analytics within the healthcare industry, providing improved security at a lower cost. This group is working to establish a strategic approach to analytics development and sharing in order to promote open collaboration among the healthcare community. Leveraging MITRE’s Adversary Tactics, Techniques & Common Knowledge (ATT&CK) framework, each member organization conducts independent research on specific cybersecurity threat tactics. The group meets regularly to share research results, refine the common analytic sharing model, and promote continuous improvement by the member community.
Big Data Working Group
The Big Data Controls Working Group concluded two years with a collaborated white paper on Big Data Security Controls, which will be posted onto the NH-ISAC website in January 2018. This group has decided to focus on analytics and has merged with the above Cybersecurity Detection Analytics Working Group starting January 2018.
Info Sec Incident Response Working Group
This group will share experiences, tactics, wins, and challenges to evolve our collective incident response capabilities and develop robust, sustainable programs in order to minimize damage from incidents and improve information security practices in our industry. Goals include producing a white paper in 2018, sharing best practices across incident detection, response, and analysis disciplines; exploring opportunities of sharing cyber war game and test incident response scenarios; as well as improving efficiency and effectiveness of detect and respond operations by producing measurable, usable outcomes from this working group that members and future members can consume to leapfrog their incident response practices
Pharma and Supply Council
This group is finding innovative ways to detect cyber security risks to the delivery of medical care supplies and lower the risk to the organization that may be vulnerable to attacks by former employees, contractors, or potential hackers who look to compromise critical systems and steal health records. The group shares ideas, cyber threat information and will generate white papers as well as new solutions to address the sharing of indicators of compromise (IOC) or indicators of attack (IOA) as well as information about the threat actors that could negatively affect technology within the pharma and supply community. Goals include: Establish (or adopt) a minimum standard for sharing of cyber security threat information within our vertical of healthcare, Assist with supporting the smaller pharma and supply organizations with shared knowledge, Increase the type of information sharing methods for cyber threat information sharing, Develop easier ways to share the threat intelligence we collective gather, and Assist with training and threat intelligence sharing campaigns.
General Data Protection Regulation (GDPR) Working Group
coming into effect across the EU on May 25, 2018. The group shares ideas, best practices, and guidance on: Right to Access, Breach Notification, Right to be Forgotten, Data Portability, Privacy by Design, Data Minimization, Consent, Data Protection Officers. Activities of the group may consist of some or all of the following: Listserver for the Community to share and exchange information, Monthly virtual/in-person meetings, Development of white papers on privacy approaches and best practices, and Providing input/recommendations to NH-ISAC Board on strategy, priorities etc. on GDPR.
Info Sec Risk Management Working Group
eDiscovery Working Group
Groups Currently in Development:
ID – Authentication Committee
Third Party Risk Governance (TPRG) Working Group