Population Health Information Sharing & Analysis Center (PH-ISAC)

Digital security threats are too diverse and dynamic for any organization to handle alone.

The Population Health Information Sharing and Analysis Center (PH-ISAC) helps health- and transportation-related organizations improve their digital security posture, reducing the risk of a cybersecurity breach.

The PH-ISAC does this through providing threat intel that helps to identify cybersecurity threats and helping organizations document that they are following cybersecurity best practices.

PH-ISAC concentrates on helping health delivery organizations that are small, rural, independent, under-resourced, remote, or just doesn’t “fit in a box.”

That means that we work with organizations such as:

rural and community hospitals, independent practices, rural health clinics, federally-qualified health centers, emergency medical services, non-emergency medical transportation, public transportation, entities that provide social services, community health workers, and mobile integrated health programs.

If a member organization experiences a cybersecurity-related breach, the PH-ISAC is available to help with incident reporting and federal penalties/liabilities avoidance.

PH-ISAC is in the U.S. Department of Health and Human Services (HHS) 405(d) Approaches, recognized by HITECH Act Amendment Public Law 116-321.

Join Here: PH-ISAC Agreement

See What’s Offered: PH-ISAC Tools 

 

FAQs

What’s an ISAC?

An ISAC is an organization for the analysis and sharing of information regarding cybersecurity risks and incidents. 

The Cybersecurity Act of 2015 (CSA) also ensures that private entities sharing information with ISACs in accordance with CSA receive liability protection from the federal government.

Could my organization be penalized by the federal government for sharing information with an ISAC?

Executive Order 13691 is designed to PROTECT all ISAC members against being penalized as they share information regarding cyber-related breaches, interference, compromise, or incapacitation.

What does the PH-ISAC do?

  • Helps participating organizations identify and mitigate security gaps
  • Provides real time threat intel monitoring tools to reduce data breach risk
  • Reduces breach response time and severity, if a breach occurs
  • Provides liability protections through the Cybersecurity Act of 2015
  • Conducts cyber and data security awareness training and workforce development
  • Helps participants comply with state and federal regulatory and privacy requirements and recommendations (e.g., NIST Cybersecurity Framework, HHS 405(d) Health Industry Cyber Practices and other HHS 405(d)-approved recommendations, HIPAA data security compliance, IT risk management)

What is the Digital Health Net Program?

Digital Health Net is the flagship program provided by the PH-ISAC to shore up the cyber posture of safety net medical facilities and entities that they connect to. Digital Health Net does this by:

  • strengthening the workforce with tailored training
  • assessing security risks
  • helping organizations follow a risk management approach tailored to assessment findings
  • monitoring for threats and vulnerabilities, and
  • assisting with information sharing and incidence response

PH-ISAC offers the Digital Health Net because safety net providers are required to follow the same technology regulations as large health systems, yet they have fewer resources (human and financial) to successfully do so.