Coalfire Participates in Cybersecurity Disaster Exercise at the 2019 HSCC Spring Summit

Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

The Healthcare and Public Health Sector Coordinating Council (HSCC) conducted its biannual Joint Cybersecurity Working Group (JCWG) All-Hands Meeting on April 3-4, 2019. As a member of HSCC, Coalfire participated in the JCWG meeting alongside other security leaders from across the healthcare industry and took part in its cybersecurity disaster preparedness exercise. The meeting is designated as a Critical Infrastructure Partnership Advisory Council (CIPAC) meeting under the authority of the Department of Homeland Security.

Some of the key initiatives coming from the HSCC include the development and circulation of the Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients publication and the Medical Device and Health IT Joint Security Plan (JSP). These publications were developed through assigned task groups of government and industry partners to provide salient recommendations and best practices for the respective communities.

The JCWG leadership has initiated the use of table-top cybersecurity exercises to facilitate a best-practices discussion among members about scenarios and real-world events, as well as to share recommendations and other problem-solving approaches.

The facilitated event opened with an “injection” of a ransomware attack that, initially, affected only one hospital system. The injection described the status of the security incident, and the facilitator used it to gather best practices from a diverse group of participating healthcare organizations, including Healthcare Delivery Organizations (HDOs), pharmaceutical companies, medical device manufacturers, the federal government, cybersecurity researchers, H-ISAC, and HIMSS.

Subsequent injections escalated the incident scenario beyond the individual hospital and required decisions about information sharing and response across a broader portion of the healthcare sector. Data collectors gathered input from the breakout sessions, and the group then reconvened to share results.

The first “Move” (as designated by the exercise team) was to establish initial indicators and containment strategies, including invoking existing processes, policies, procedures, and plans such as a Security Incident Response Plan, a Business Continuity Plan, or a Disaster Recovery Plan.

The second “Move” focused on recovery and resiliency. The same process used for Move One was facilitated for Move Two, but the emphasis shifted from containment to recovery operations.

This is the second table-top exercise conducted by the HSCC JCWG, and each has shown improved maturity, greater participation by the membership, and a valuable opportunity to work across organizational boundaries within the healthcare sector. The exercise showcases the importance of cybersecurity disaster preparedness across the healthcare industry and the need for healthcare systems and vendors to conduct similar exercises to test their ability to identify, respond to, and recover from a significant cybersecurity event.

Rich Curtiss — Director, Healthcare Cyber Risk Services, Coalfire