Coalfire Teams with Healthcare and Public Health Sector Coordinating Council (HSCC) for Fall Summit

Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

The Department of Homeland Security (DHS) charged the Healthcare and Public Health Sector Coordinating Council (HSCC) with serving as a partnership between the private and public healthcare sectors.1 To that end, two unique councils were formed: The Healthcare and Public Health Government Coordinating Council (HGCC) was established by presidential directive to sustain the essential functions of the nation’s healthcare and public health system; the HSCC is a companion council established by presidential directive as a private sector counterpart with similar mission objectives. A key difference between the two is the HSCC is a purely voluntary organization whose membership is solicited to provide influence and expertise within the healthcare industry.

The HSCC meets twice a year and held their 2018 Joint Coordinating Council Fall Summit and Sector Tabletop Exercise at HCA in Nashville, Tenn., from October 9-11. The HSCC meetings fall under the DHS Critical Infrastructure Partnership Advisory Council (CIPAC), which assists in facilitating the sessions and ensures confidentiality of meeting content.2

The HSCC convened with a Joint Cybersecurity Working Group3 (JCWG) All-Hands Meeting to discuss “Task Group” status including security risk management, medical technology, and cybersecurity best practices efforts. There is a total of 13 task groups working under JCWG covering different aspects of cybersecurity impacting healthcare organizations. This was a CIPAC covered meeting, so details can only be disclosed to those healthcare entities that are part of the SCC.

Day two convened with a professionally facilitated, major healthcare incident response “table-top” exercise to elicit participant recommendations, responses, and best practices. Coalfire contributed to this exercise as a key healthcare cybersecurity expert. This, too, was a CIPAC covered activity. An added benefit was the opportunity to attend the Health and Human Services (HHS) daily call on the Hurricane Michael response. 

The HSCC concluded the Fall Summit with a series of presentations and a discussion about the HPH sector forward planning including the GCC and SCC. Coalfire is pleased to be a member of HSCC and JCWG, where a number of our healthcare security experts participate in different task groups and contribute to deliverables produced by JCWG.

The HSCC is growing and maturing, and industry participation is key to the success of the sector moving forward. It was both an honor and a privilege to participate in crafting the future of the healthcare and public health critical infrastructure sector.




Rich Curtiss


Rich Curtiss — Director, Healthcare Cyber Risk Services, Coalfire

Recent Posts

Post Topics



Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff CISO cloud CMMC CoalfireOne Compliance Covid-19 credit cards C-Store Culture Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DevSecOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS