FAQ

FAQ2

FREQUENTLY ASKED QUESTIONS

1. What Does NH-ISAC Mean?

2. What Is An ISAC?

3. What Does The NH-ISAC Do?

4. What Information Is Contained In An Alert?

5. Who Belongs To The NH-ISAC?

6. How Long The NH-ISAC Operated?

7. How Is The NH-ISAC Recognized?

8. Why Is Belonging To An ISAC Important?

9. How Much Does It Cost To Join?

10. Why Is There A Fee For Being A Member?

11.Why Should My Organization Join?

12. How Does My Organization Become A Member?

13. How Long Does It Take For Membership To Become Official?

14. What Happens Once My Organzation Joins?

15. Who Has Access To The NH-ISAC Database?

16. Does Any Government Agency Have Access To The Database?

17. How Will The Database Be Used?

1. WHAT DOES ‘NH-ISAC’ MEAN AND WHERE IS NH-ISAC LOCATED?

The National Health Information Sharing and Analysis Center.

NH-ISAC is headquartered at the Global Situational Awareness Center (GSAC), Global Institute for Cybersecurity + Research, Space Life Sciences Laboratory, NASA/Kennedy Space Center; and NH-ISAC West is located in San Diego CA.

2. WHAT IS AN ISAC?

The ISACs were created as a result of Presidential Decision Directive. The directive requested the public and private sector create a partnership to share information about physical and cyber threats, vulnerabilities, and events to help protect the critical infrastructure of the United States.  Subsequent Presidential Policy Directives (PPDs) reaffirm the partnership mission.  In addition to the National Health ISAC, for each of the nation’s critical infrastructures, there is an Information Sharing & Analysis Center (ISAC)  – Financial Services, IT, Water, Communications, Supply Chain, Transportation, Real Estate, Nuclear, Electric, etc.

3. WHAT IS NH-ISAC’s MISSION?

NH-ISAC’s mission is the enable and preserve the public trust by advancing health sector cybersecurity protection and the ability to prepare for and respond to threats and vulnerabilities.

NH-ISAC is the nationally recognized ISAC for the nation’s healthcare and public health critical infrastructure by the nation’s health sector, US HHS, US Department of Homeland Security, NSA, FBI, and the National Council of ISACs (NCI Directorate).

NH-ISAC is the primary communications channel for cybersecurity intelligence, information sharing, countermeasure solutions. incident response,  leading practice and education.

4. WHAT INFORMATION IS CONTAINED IN AN ALERT?

For both physical and cyber events, alerts contain a description  and analysis of the threat or vulnerability, its severity, and countermeasure solutions. NH-ISAC alerts and advisories follow the Lockheed-Martin Cyber Kill-Chain Methodology.

5. WHO BELONGS TO THE NH-ISAC?

• Healthcare Providers – Hospitals, Clinics, Health care organizations, Physicians

• Pharmaceutical Organizations, Pharmacies

• BioTech  Companies

• Public Health Departments

• Laboratories, Blood Banks

• Health Insurers

• Medical Device Manufacturers

• Health Technology and Security Companies Supporting the Health Sector

• Home Health Care Agencies

• Ambulatory Facilities

• Funeral Homes, Mass Fatality Organizations

• Long Term Care Facilities

6. HOW LONG HAS THE NH-ISAC OPERATED?

The NH-ISAC was launched in 2010 responding to the cybersecurity needs, goals and objectives of the nation’s healthcare and public health critical infrastructure.

7. HOW IS THE NH-ISAC RECOGNIZED?

The NH-ISAC is recognized as the official ISAC for the the nation’s healthcare and public health critical infrastructure by:

  • The U.S. Department of Health and Human Services (HHS)
  • The Health Sector Coordinating Council (SCC)
  • The National Council of ISACs (NCI Directorate
  • Intelligence Agencies (US Department of Homeland Security, NSA)
  • Law Enforcement

8. WHY IS BELONGING TO THE ISAC IMPORTANT?

Protecting the critical infrastructure of the United States is a priority for our nation and a responsibility of both the public and private sector. Every sector of the nation’s critical infrastructure has the responsibility for doing its part in protecting their respective critical infrastructure and supporting cross-sector protection, prevention, mitigation, response and recovery.

Being a member of the NH-ISAC is the best way you and your organization can participate with a defining voice in national critical infrastructure protection policies and programs (steady-state and during a crisis), and benefit from 24/7 security intelligence situational awareness, information sharing, countermeasure solutions, nationwide coordinated incident response, leading practice and workforce education.

9. HOW MUCH DOES IT COST TO JOIN?

NH-ISAC’s General Membership Models, defined by the leading representatives of the nation’s health sector, is based on an organization’s business structure and annual revenues.  All members receive the same services.  Please use Contact Submission Form for further information.

RevenueNon-ProfitFor ProfitAcademia or Gov.
$0 - $5Bn$5,000$10,000$5,000
$5Bn - $10Bn$10,000$15,000
$10 Bn - $20 Bn$15,000$25,000
$20 Bn and Above$25,000$50,000

*Government, please use the Contact Submission Form for pricing.

10. WHY IS THERE A FEE FOR BEING A MEMBER?

As all ISACs, NH-ISAC is a non-profit organization which is entirely led by and sustained by the private sector.

NH-ISAC offers a variety of value-added cybersecurity intelligence situational awareness,  information sharing, analysis and response tools which include the following:

24/7 All-Hazards (Cyber and Physical) Security Intelligence Situational Awareness, Daily Alerts and Advisories, Two-Way Information Sharing – National Healthcare & Public Health Threat Information Sharing (TIS) Portal, National Healthcare & Public Health Member Portal, Risk Assessment Tools, Cybersecurity Exercises, Select Discounts from Trusted Partners (Security Services, Technology and Education).

National Healthcare & Public Health Cybersecurity Response System (HPH-CRS)

National Healthcare & Public Health Cyber First Responder Program (HPH-CFR)

National Healthcare & Public Health Emergency Communications Command and Control (HPH-ECC)

National Healthcare & Public Health Cybersecurity Education Framework (HPH-CEF)

11. WHY SHOULD MY ORGANIZATION JOIN?

If you are a health care organization, or serve the health sector, you represent a critical component of the nation’s healthcare and public health critical infrastructure of the United States. Working together, we all have the responsibility for doing out part to help protect our nation’s critical infrastructures.

Membership in the NH-ISAC is the way your organization can help protect the critical infrastructure of the United States.

12. HOW DOES MY ORGANIZATION BECOME A MEMBER?

Please contact NH-ISAC via the Contact Submission Form or you can email us directly via contact@nhisac.org.

13. HOW LONG DOES IT TAKE FOR MEMBERSHIP TO BECOME OFFICIAL?

In order for an organization to become activated as a NH-ISAC member: (1) The organization must be approved by the NH-ISAC Executive Director; (2) The organization provides NH-ISAC with appropriate individual(s) information for security access credentials, and (3)  Once the organization’s membership payment is received, full membership is activated..

14. WHAT HAPPENS ONCE MY ORGANIZATION JOINS?

Your organization will be granted security credentials for up to three individuals. A member of the NH-ISAC staff will conduct an on-boarding orientation meeting with your organization’s team to ensure a comprehensive understanding of NH-ISAC member services and to discuss your security issues and challenges in order for NH-ISAC to fully support each member’s needs, goals and objectives.

15. WHO HAS ACCESS TO THE NH-ISAC THREAT INFORMATION SHARING (TIS) DATABASE?

Only NH-ISAC members with the appropriate security credentials have access to threat information sharing data.

16. DOES ANY GOVERNMENT AGENCY HAVE ACCESS TO THE DATABASE?

The NH-ISAC receives alerts and information from many sources, including government agencies and law enforcement. However, it is a one way flow of information: NO government agency of any type or law enforcement agency has any access to the NH-ISAC Threat Information Sharing (TIS) Portal or  member-submitted information without formal prior approval (in writing) of the submitting organization. De-identified cybersecurity threat and vulnerability information is shared with appropriate intelligence agencies for mitigation and incident response purposes.

17. HOW WILL THE NH-ISAC THREAT INFORMATION SHARING (TIS) PORTAL DATABASE BE USED?

The NH-ISAC TIS database contains information on threats, vulnerabilities, and incidents. NH-ISAC members may use this database to track cyber threats and vulnerabilities, threat indicators, countermeasure solutions, incident response, research and investigations. The NH-ISAC analysts use the database to analysis, identify cybersecurity threat patterns and trends, conduct research, and investigations.  As added services, NH-ISAC also offers advanced analytics to members to study multiple firm IDS data and other sophisticated programs to predict the likelihood of events.

Back to Top