NH-ISAC Frequently Asked Questions


What Does NH-ISAC Mean?

NH-ISAC stands for National Health Information Sharing and Analysis Center.

NH-ISAC is headquartered at the Global Situational Awareness Center (GSAC), Global Institute for Cybersecurity + Research, Space Life Sciences Laboratory, NASA/Kennedy Space Center.

What Is An ISAC?

Information Sharing and Analysis Centers (ISACs) help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency.

The concept of ISACs was introduced and promulgated pursuant to Presidential Decision Directive-63 (PDD-63), signed May 22, 1998, after which the federal government asked each critical infrastructure sector to establish sector-specific organizations to share information about threats and vulnerabilities. Some ISACs formed as early as 1999, and most have been in existence for at least ten years.

ISACs are trusted entities established by critical infrastructure owners and operators to foster information sharing and best practices about physical and cyber threats and mitigation. Typically non-profit organizations, ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness. ISACs are in the business to facilitate information, not sell it.

Most ISACs have 24/7 threat warning and incident reporting capabilities, and may also set the threat level for their sectors. And many ISACs have a track record of responding to and sharing actionable and relevant information more quickly than government partners.

ISACs have demonstrated success in providing operational services – such as risk mitigation, incident response, and information sharing – that protect critical infrastructures. Other ISAC services include annual meetings, technical exchanges, workshops, and webinars.

To maintain situational awareness across the various critical infrastructure sectors, ISACs collaborate and share threat and mitigation information with each other and other partners through the National Council of ISACs.

What Does The NH-ISAC Do?

NH-ISAC is a trusted community of critical infrastructure owners and operators within the Health and Public Health sector (HPH). The community is primarily focused on sharing timely, actionable and relevant information with each other including intelligence on threats, incidents and vulnerabilities that can include data such as indicators of compromise, tactics, techniques and procedures (TTPs) of threat actors, advice and best practices, mitigation strategies and other valuable material. Sharing can occur via machine to machine or via human to human. The ISAC also fosters the building of relationships and networking through a number of educational events in order to facilitate trust. Working groups and committees focus on topics and activities of importance to the sector and services such as CyberFit offer enhanced services to leverage the NH-ISAC community for the benefit of all.

The NH-ISAC is constantly engaged with external partners such as government, law enforcement, the vendor community, other ISACs and HPH associations such as HIMSS, MDISS, EHNAC and CHIME to facilitate situational awareness and inform risk-based decision making to protect the HPH and other critical infrastructure sectors.

What Is NH-ISAC's Mission?

NH-ISAC’s mission is to enable and preserve the public trust by advancing health sector cybersecurity protection and the ability to prepare for and respond to cyber threats and vulnerabilities.

NH-ISAC is the nationally recognized ISAC for the nation’s healthcare and public health critical infrastructure by the nation’s health sector, US HHS, US Department of Homeland Security, NSA, FBI, and the National Council of ISACs.

What Information Is Contained In An Alert?

For both physical and cyber events, alerts contain a description and analysis of the threat or vulnerability, its severity, and countermeasure solutions.

Who Belongs To The NH-ISAC?

• Healthcare Providers – Hospitals, Clinics, Health care organizations, Physicians
• Pharmaceutical Organizations, Pharmacies
• BioTech Companies
• Public Health Departments
• Laboratories, Blood Banks
• Health Insurers
• Medical Device Manufacturers
• Health Technology and Security Companies Supporting the Health Sector
• Home Health Care Agencies

How long has the NH-ISAC operated?

The NH-ISAC was launched in 2010 responding to the cybersecurity needs, goals and objectives of the nation’s healthcare and public health critical infrastructure.

How is the NH-ISAC recognized?

The NH-ISAC is recognized as the official ISAC for the nation’s healthcare and public health critical infrastructure by:

  • The U.S. Department of Health and Human Services (HHS)
  • The Health Sector Coordinating Council (SCC)
  • The National Council of ISACs
  • Intelligence Agencies (US Department of Homeland Security, NSA)
  • Law Enforcement

Why is belonging to the NH-ISAC so important?

Being a member of the NH-ISAC is the best way you and your organization can extend the scope of your security department. NH-ISAC is a force multiplier. Instead of you and your department of 3 or 30, you now have a department of over 1200 analysts ready to send alerts 24x7.
As each member organization shares Cyber Threat Intel across the sector, the virtual landing space for malicious attackers is reduced.

How much does it cost to join?

NH-ISAC’s General Membership Models, defined by the leading representatives of the nation’s health sector, are based on an organization’s business structure and annual revenues. All members receive the same services. Click here to view the varying levels of membership available.

Why is there a fee for being a member?

Like all ISACs, NH-ISAC is a non-profit organization which is entirely led by and sustained by the private sector.
NH-ISAC offers a variety of value-added cybersecurity intelligence, situational awareness, information sharing, analysis and response tools which are resource intensive and cost prohibitive for many. Members have access to many resources not readily available.

How does my organization become a member?

Click here to learn about membership in the NH-ISAC.

How long does it take for membership to become official?

To become accepted and activated as an NH-ISAC member: (1) The organization must pass the membership challenge of being either a Covered Entity or Business Associate based on HIPAA guidelines. The NH-ISAC Membership Committee reserves the right to evaluate an organization's admittance. (2) The Membership agreement must be signed and executed between the organization and NH-ISAC. (3) The organization provides NH-ISAC with designated individual(s) contact information for access credentials. (4) Once the organization’s membership payment is received, full membership is activated. This process can be completed in weeks depending on the organization's internal processes. A usual onboarding period takes approximately 60 days from initiation of membership to receipt of fee.

What happens when my organization joins?

Your organization will be granted security credentials for three individuals. The NH-ISAC Tech Ops group will entertain more than 3 security contacts if warranted. A member of the NH-ISAC staff will conduct an on-boarding orientation meeting with your organization’s team to ensure a comprehensive understanding of NH-ISAC member services.

Does any government agency have access to the database?

The NH-ISAC receives alerts and information from many sources, including government agencies and law enforcement. However, it is a one-way flow of information: NO government agency of any type or law enforcement agency has any access to the NH-ISAC Threat Information Sharing (TIS) Portal or member-submitted information without formal prior approval (in writing) of the submitting organization. De-identified cybersecurity threat and vulnerability information is shared with appropriate intelligence agencies for mitigation and incident response purposes.

Why Is It Called NH-ISAC And Not NH-ISAO?

Information Sharing and Analysis Centers (ISACs) were created in 1998 under Presidential Decision Directive-63 (PDD-63) to advance the security of Critical Infrastructure/Key Resources (CIKR) sectors – those sectors deemed vital to the well-being of a nation – through the sharing of information within and among the sectors and with government. Information Sharing and Analysis Organizations (ISAOs), first defined in the Homeland Security Act of 2002, are entities or organizations, public or private, formal or informal, non-profit or for-profit, that voluntarily form to share information with each other and are not necessarily tied to critical infrastructure sectors.

ISACs are the original ISAOs for the critical infrastructure sectors. However, ISACs play a much bigger role in critical infrastructure protection and resilience than just sharing information. ISACs are a vital operational component in the national partnership framework. ISACs work through the National Infrastructure Protection Plan (NIPP-13) and collaborate with sector specific agencies and coordinating councils to perform structured collaboration within an established role in incident response across the CIKR. They are recognized as the designated arms for dissemination of information, manage and set the threat levels, and have strong reach and subject matter expertise within their respective sectors. ISACs are all-hazards and look at both cyber and physical. They provide a sector perspective and allow for anonymization and aggregation of data.

What is the Mission of the NH-ISAC?

NH-ISAC’s mission is to enable and preserve the public trust by advancing the global health sector's cyber and physical security protection and resilience as well as enabling the ability to prepare for and respond to cyber and physical threats and vulnerabilities.