PH-ISAC

Digital security threats are too diverse and dynamic for any organization to handle alone.

PH-ISAC helps health and community transportation-related organizations improve their digital security posturereducing the risk of a cybersecurity breach.

PH-ISAC does this through providing threat intel that helps to identify cybersecurity threats and helping organizations document that they are following cybersecurity best practices.

If a member organization experiences a cybersecurity-related breach, PH-ISAC is available to help with incident reporting and federal penalties/liabilities avoidance.

PH-ISAC is in the U.S. Department of Health and Human Services (HHS) 405(d) Approaches, recognized by HITECH Act Amendment Public Law 116-321.

Who PH-ISAC Helps

PH-ISAC concentrates on helping health delivery organizations that are small, rural, independent, under-resourced, remote, or just don’t “fit in a box.”

That means, PH-ISAC works with organizations such as:

  • rural and community hospitals
  • independent practices
  • rural health clinics
  • federally-qualified health centers
  • emergency medical services
  • non-emergency medical transportation
  • public transportation
  • entities that provide social services
  • community health workers
  • mobile integrated health programs
  • rural and community hospitals
  • independent practices
  • rural health clinics
  • federally-qualified health centers
  • emergency medical services
  • non-emergency medical transportation
  • public transportation
  • entities that provide social services
  • community health workers
  • mobile integrated health programs

Frequently Asked Questions

What’s an ISAC?

An ISAC is an organization for the analysis and sharing of information regarding cybersecurity risks and incidents. The Cybersecurity Act of 2015 (CSA) ensures that private entities sharing information with ISACs in accordance with CSA receive liability protection from the federal government.

Could my organization be penalized by the federal government for sharing information with an ISAC?

Executive Order 13691 is designed to PROTECT all members of ISACs against being penalized as they share information regarding cyber-related breaches, interference, compromise, or incapacitation.

How can PH-ISAC help my organization?

Smaller health organizations are required to follow much of the same technology regulations and recommendations as large health systems, yet they have fewer resources (human and financial) to successfully do so. PH-ISAC works with small entities to shore up the cyber posture in a way that makes sense for their size and needs. PH-ISAC does this by:

  • Helping participating organizations identify and mitigate security gaps
  • Providing real time threat intel monitoring tools to reduce data breach risk
  • Reducing breach response time and severity, if a breach occurs
  • Providing liability protections through the Cybersecurity Act of 2015
  • Conducting cyber and data security awareness training and workforce development
  • Helping participants comply with state and federal regulatory and privacy requirements and recommendations (e.g., NIST Cybersecurity Framework, HHS 405(d) Health Approaches, HIPAA privacy and security compliance, & risk management)