FREQUENTLY ASKED QUESTIONS
The National Health Information Sharing and Analysis Center.
NH-ISAC is headquartered at the Global Situational Awareness Center (GSAC), Global Institute for Cybersecurity + Research, Space Life Sciences Laboratory, NASA/Kennedy Space Center; and NH-ISAC West is located in San Diego CA.
The ISACs were created as a result of Presidential Decision Directive. The directive requested the public and private sector create a partnership to share information about physical and cyber threats, vulnerabilities, and events to help protect the critical infrastructure of the United States. Subsequent Presidential Policy Directives (PPDs) reaffirm the partnership mission. In addition to the National Health ISAC, for each of the nation’s critical infrastructures, there is an Information Sharing & Analysis Center (ISAC) – Financial Services, IT, Water, Communications, Supply Chain, Transportation, Real Estate, Nuclear, Electric, etc.
NH-ISAC’s mission is the enable and preserve the public trust by advancing health sector cybersecurity protection and the ability to prepare for and respond to threats and vulnerabilities.
NH-ISAC is the nationally recognized ISAC for the nation’s healthcare and public health critical infrastructure by the nation’s health sector, US HHS, US Department of Homeland Security, NSA, FBI, and the National Council of ISACs (NCI Directorate).
NH-ISAC is the primary communications channel for cybersecurity intelligence, information sharing, countermeasure solutions. incident response, leading practice and education.
For both physical and cyber events, alerts contain a description and analysis of the threat or vulnerability, its severity, and countermeasure solutions. NH-ISAC alerts and advisories follow the Lockheed-Martin Cyber Kill-Chain Methodology.
• Healthcare Providers – Hospitals, Clinics, Health care organizations, Physicians
• Pharmaceutical Organizations, Pharmacies
• BioTech Companies
• Public Health Departments
• Laboratories, Blood Banks
• Health Insurers
• Medical Device Manufacturers
• Health Technology and Security Companies Supporting the Health Sector
• Home Health Care Agencies
• Ambulatory Facilities
• Funeral Homes, Mass Fatality Organizations
• Long Term Care Facilities
The NH-ISAC was launched in 2010 responding to the cybersecurity needs, goals and objectives of the nation’s healthcare and public health critical infrastructure.
The NH-ISAC is recognized as the official ISAC for the the nation’s healthcare and public health critical infrastructure by:
- The U.S. Department of Health and Human Services (HHS)
- The Health Sector Coordinating Council (SCC)
- The National Council of ISACs (NCI Directorate
- Intelligence Agencies (US Department of Homeland Security, NSA)
- Law Enforcement
Protecting the critical infrastructure of the United States is a priority for our nation and a responsibility of both the public and private sector. Every sector of the nation’s critical infrastructure has the responsibility for doing its part in protecting their respective critical infrastructure and supporting cross-sector protection, prevention, mitigation, response and recovery.
Being a member of the NH-ISAC is the best way you and your organization can participate with a defining voice in national critical infrastructure protection policies and programs (steady-state and during a crisis), and benefit from 24/7 security intelligence situational awareness, information sharing, countermeasure solutions, nationwide coordinated incident response, leading practice and workforce education.
NH-ISAC’s General Membership Models, defined by the leading representatives of the nation’s health sector, is based on an organization’s business structure and annual revenues. All members receive the same services. Please use Contact Submission Form for further information.
|Revenue||Non-Profit||For Profit||Academia or Gov.|
|$0 - $5Bn||$5,000||$10,000||$5,000|
|$5Bn - $10Bn||$10,000||$15,000|
|$10 Bn - $20 Bn||$15,000||$25,000|
|$20 Bn and Above||$25,000||$50,000|
*Government, please use the Contact Submission Form for pricing.
As all ISACs, NH-ISAC is a non-profit organization which is entirely led by and sustained by the private sector.
NH-ISAC offers a variety of value-added cybersecurity intelligence situational awareness, information sharing, analysis and response tools which include the following:
24/7 All-Hazards (Cyber and Physical) Security Intelligence Situational Awareness, Daily Alerts and Advisories, Two-Way Information Sharing – National Healthcare & Public Health Threat Information Sharing (TIS) Portal, National Healthcare & Public Health Member Portal, Risk Assessment Tools, Cybersecurity Exercises, Select Discounts from Trusted Partners (Security Services, Technology and Education).
National Healthcare & Public Health Cybersecurity Response System (HPH-CRS)
National Healthcare & Public Health Cyber First Responder Program (HPH-CFR)
National Healthcare & Public Health Emergency Communications Command and Control (HPH-ECC)
National Healthcare & Public Health Cybersecurity Education Framework (HPH-CEF)
If you are a health care organization, or serve the health sector, you represent a critical component of the nation’s healthcare and public health critical infrastructure of the United States. Working together, we all have the responsibility for doing out part to help protect our nation’s critical infrastructures.
Membership in the NH-ISAC is the way your organization can help protect the critical infrastructure of the United States.
Please contact NH-ISAC via the Contact Submission Form or you can email us directly via email@example.com.
In order for an organization to become activated as a NH-ISAC member: (1) The organization must be approved by the NH-ISAC Executive Director; (2) The organization provides NH-ISAC with appropriate individual(s) information for security access credentials, and (3) Once the organization’s membership payment is received, full membership is activated..
Your organization will be granted security credentials for up to three individuals. A member of the NH-ISAC staff will conduct an on-boarding orientation meeting with your organization’s team to ensure a comprehensive understanding of NH-ISAC member services and to discuss your security issues and challenges in order for NH-ISAC to fully support each member’s needs, goals and objectives.
Only NH-ISAC members with the appropriate security credentials have access to threat information sharing data.
The NH-ISAC receives alerts and information from many sources, including government agencies and law enforcement. However, it is a one way flow of information: NO government agency of any type or law enforcement agency has any access to the NH-ISAC Threat Information Sharing (TIS) Portal or member-submitted information without formal prior approval (in writing) of the submitting organization. De-identified cybersecurity threat and vulnerability information is shared with appropriate intelligence agencies for mitigation and incident response purposes.
The NH-ISAC TIS database contains information on threats, vulnerabilities, and incidents. NH-ISAC members may use this database to track cyber threats and vulnerabilities, threat indicators, countermeasure solutions, incident response, research and investigations. The NH-ISAC analysts use the database to analysis, identify cybersecurity threat patterns and trends, conduct research, and investigations. As added services, NH-ISAC also offers advanced analytics to members to study multiple firm IDS data and other sophisticated programs to predict the likelihood of events.