Shauli Zacks
Published on: June 17, 2025
SafetyDetectives recently interviewed Denise Anderson, President and CEO of Health-ISAC, a global organization dedicated to enhancing cybersecurity and physical security across the healthcare sector. With a unique background spanning crisis management, business strategy, and emergency response, Denise has spent decades fostering threat intelligence sharing among critical industries. Now at the helm of Health-ISAC, she leads efforts to build trusted relationships across healthcare organizations worldwide — helping members detect, prevent, and respond to ever-evolving threats. In this interview, Denise shares her journey, the importance of collaboration in a competitive industry, and how Health-ISAC is tackling today’s most pressing risks, from ransomware and DDoS attacks to AI-driven threats and medical device vulnerabilities.
Can you share a bit about your background and what led you to join Health-ISAC?
I’m sort of a jack-of-all-trades and have had broad experience in business, communications, events, and crisis management. I also had a long background in information sharing and industry collaboration around threats. Before I moved to Health-ISAC, I was employee number two at the Financial Services ISAC (FS-ISAC). Bill Nelson, who was president of FS-ISAC, liked my EMT/Firefighter and credit and collection background and I used my skills to help grow the ISAC in services, membership, and global reach.
When Health-ISAC was in need of leadership, Jim Routh, who was chair of the Health-ISAC board at the time and whom I knew from FS-ISAC, twisted my arm and I eventually answered the call. It also helped that I love medicine. I managed a 21-physician practice while in college and debated about becoming a doctor. I ended up getting my MBA instead, but now that I’m back in the health sector, I feel I’ve come full circle. And nothing beats the mission of improving and saving lives. I don’t doubt I would have made a great doctor, but I really love what I do today. I find it very rewarding.
For those unfamiliar, what is Health-ISAC’s core mission, and how does it support the healthcare sector in today’s threat landscape?
Our mission statement reads:
“To empower trusted relationships in the global Health Sector to prevent, detect, and respond to cybersecurity and physical security events so that Members can focus on improving health and saving lives.”
We believe it is our role to protect and support the global health sector as much as we can. First and foremost, we offer a trusted community forum where members can share information around threats, mitigation strategies and best practices, among other things. We provide myriad services such as webinars, workshops, summits, blogs, thought leadership papers, exercises, threat alerts, automated threat indicator feeds and more, many of which are free and available via our Health-ISAC website.
There is also access to security tools as well as our targeted alerts, where we share specific information with a particular organization that has been targeted by a threat or threat actor. Our threat operations center works with the organizations to understand the threat and protect against it, whether they are members or not. We’ve published several alerts with partners such as the AHA broadly around threats. One great example was during the Petya/NotPetya attack, which happened in June 2017. 64 individuals from 30 organizations worked together to determine the ground truth, the attack vector, and how the attack spread, and developed a mitigation strategy to stop it.
This information was published on our website to help all organizations and industries. Another example occurred when we shared a targeted alert with a non-member provider around a Distributed Denial of Service (DDoS) attack. They thanked us profusely. They had thought they had a website misconfiguration and spent three days trying to resolve the issue. They didn’t realize they were the victim of an attack. Once they got the alert, they were able to remediate the problem immediately and patients were then able to access their accounts and other information via the organization’s website.
What are some of the most pressing cybersecurity threats you’re seeing right now across healthcare and public health organizations?
Ransomware is still the biggest threat to health sector operations. I don’t see that going away anytime soon. Credential theft, insider threat, geopolitical tensions, espionage, concentration risk and malicious attempts to cause disruption are constant threats. Violence and fraud are escalating astronomically. Operational Technology (OT) threats are growing as well. It is important to understand the threat actors and their motivations and to have situational awareness.
It is essential to have a mindset that no matter where or what the activity, we need to understand the potential impacts to organizations. Cable cuts, nation state activity such as countries targeting communication systems, energy and water infrastructure should all raise the hair on the back of our necks because we won’t be able to care for patients without power, communications, water, and other vital critical infrastructure sectors.
How does Health-ISAC facilitate collaboration between organizations that might otherwise be competitors or siloed from each other?
I’ve been in the information sharing business for decades in sectors that are highly competitive such as finance and the media, but when it comes to sharing threats, competition should be off the table. Threat actors collaborate and offer one another information and services. Shame on us if we don’t share with each other. Health is a highly collaborative sector and that’s been a wonderful attribute to facilitate sharing, but we can do so much better!
First, we need to get the C-Suite to understand why it is so important to share and to support it. That includes directing legal firms to allow for sharing, especially after an incident when indicators and tactics, techniques, and procedures (TTPs) are critical to protect everyone. Second, we need to break down the barriers to global sharing. Threats do not stop at a country border. Many countries see the value of ISACs and want to stand up their own version of one but that is not conducive, effective, or efficient. We need to leverage the mechanisms that already exist and reduce silos to be successful in defeating the threats.
Finally, we need to recognize we are all part of an ecosystem: critical infrastructure sectors, private and public sectors and third parties, as well as the owners and operators. One thing I’m proud of is our Medical Device Cyber Security Council. When I first came to Health-ISAC, medical device manufacturers (MDMs) and Health Delivery Organizations (HDOs) were busy pointing fingers at each other versus working to solve the issues they both face. Today we have over 500 organizations – half MDMs and half HDOs – participating in the Council across EMEA, the Americas and APAC to solve problems and ultimately ensure positive patient outcomes.
This is our mission: to work collaboratively for the good of all patients.
With increasing regulatory pressure (like HIPAA updates and the EU’s Cyber Resilience Act), how can healthcare organizations balance compliance and operational security?
I certainly understand the need for regulation, but many times I lump regulation into threats. Regulation is static and in a world like cyber where threats are fast and dynamic, it is often not effective. Also, it can be extremely confusing, expensive, contradictory and resource intensive. Different country governments, different government agencies and other nuances make it extremely difficult to comply. In fact, we’re working on a thought paper to illustrate the detrimental cost of compliance.
When an organization is spending more time, resources, and money on compliance with static regulations than defending against threats, then I would argue regulation is a detriment versus a help. When an organization is forced to report information about an incident within hours and must take resources and time away from actually dealing with the incident, that is not good.
That said, organizations need to stay abreast of the threat environment and put into place basic cyber strategies such as multi-factor authentication (MFA), education, network segmentation, least privilege, endpoint protection, data loss prevention and have situational awareness through information sharing to ensure that they are resilient. The more organizations can demonstrate their resiliency and security the less there is a need for regulation.
Looking ahead, how is Health-ISAC evolving to address emerging threats like AI-driven attacks, medical device vulnerabilities, or geopolitical cyber risks?
We are having discussions around the use of AI on our platforms to make information sharing more efficient and less time consuming. We also have stood up some member working groups focused on AI topics. Our Medical Device Cyber Security Council has a number of initiatives underway to address things such as pre-public vulnerability alerts, and responsible disclosure.
We work with members and partners to explore geopolitical risks and potential impacts to critical infrastructure and publish regular bulletins, alerts, and white papers on the topic. The threats will not go away; they will only evolve. As we become more connected, more sophisticated, and more dependent on technology, our attack surface will broaden, and threat actors will evolve and adjust. However, when it comes down to it, the basic motivations and tactics do not change.
There is a reason the old Nigerian scams are still around – because they work. It will become more important than ever to stay on top of threats through sharing, situational awareness, and collaboration. We cannot rest on our laurels. We need to continue to grow our community, partner with our stakeholders and continue to evangelize the importance of sharing and collaborating across the globe. We all will be a patient or know a patient at some point, so it behooves us to get this right.