The Health-ISAC’s Quarterly Threat Insights – Q3 2025 highlighted a growing cyber threat associated with broader events and emerging risks, prompting organizations to adopt additional defensive measures. With the health sector’s cyber and physical security landscape evolving rapidly, staying ahead of these threats is critical. The inaugural session of the Quarterly Threat Insights offered updates and expert analysis to help healthcare organizations stay informed and prepared.
Current trends impacting the health sector include several emerging cyber threats. The Shai-Hulud worm is being distributed through malicious NPM packages, embedding itself in other packages owned by the target and exfiltrating data to public GitHub repositories. Phishing campaigns using QR codes are on the rise, with malicious links hidden within images to bypass certain security appliances. Threat actors are also launching typosquatting campaigns using the [dot]med top-level domain, highlighting the need for proactive domain monitoring to detect registrations that mimic legitimate infrastructure.
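One way to run the domain monitoring described above, shown as an added example rather than Health-ISAC's own tooling: it checks a feed of new registrations under a watched TLD for names that mimic a brand label. The brand, the owned-domain list, the feed entries and the function names are constructed for illustration.

```python
# Added example: flag new registrations under a watched TLD that mimic a brand label.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # small illustrative map

def fold(label):
    """Lower-case, drop hyphens, and undo digit-for-letter swaps."""
    return label.lower().replace("-", "").translate(CONFUSABLES)

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, brands, owned, tld="med"):
    """Return (brand, reason) when `domain` under `tld` mimics a brand, else None."""
    domain = domain.lower().rstrip(".")
    name, _, suffix = domain.rpartition(".")
    if suffix != tld or not name or domain in owned:
        return None
    label = name.rsplit(".", 1)[-1]  # label registered directly under the TLD
    for brand in brands:
        folded, target = fold(label), fold(brand)
        if label == brand:
            return brand, "same name on watched TLD"
        if folded == target:
            return brand, "look-alike characters or hyphenation"
        if len(target) >= 5 and edit_distance(folded, target) == 1:  # short names match too easily
            return brand, "one-edit typo"
        if len(target) >= 5 and target in folded:
            return brand, "brand embedded in longer name"
    return None

def flag_registrations(feed, brands, owned):
    """Return (domain, brand, reason) for every feed entry that mimics a brand."""
    return [(d, *hit) for d in feed if (hit := classify(d, brands, owned))]

# Constructed sample data: a hypothetical brand and a made-up registration feed.
BRANDS = ["examplehealth"]
OWNED = {"examplehealth.org"}
FEED = ["examplehealth.med", "examp1ehealth.med", "exmaplehealth.med",
        "examplehealth-billing.med", "cityclinic.med", "examplehealth.org"]

if __name__ == "__main__":
    for domain, brand, reason in flag_registrations(FEED, BRANDS, OWNED):
        print(f"{domain:30} mimics {brand}: {reason}")
```

Registrations the organization made itself belong in the owned set so they are not reported.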
Additionally, there are continued reports of fraudulent remote IT workers from North Korea applying for positions, likely as part of an ongoing revenue-generation scheme. Threat actors are also impersonating organizations through fake job postings, tricking applicants into sending money for equipment or divulging personally identifiable information, posing significant risks to both individuals and organizational reputation.
The Health-ISAC is a non-profit, member-driven organization focused on protecting the global health sector from cyber and physical threats. By providing real-time alerts, fostering collaboration, and delivering actionable intelligence, Health-ISAC helps healthcare organizations strengthen security and resilience.
Health-ISAC also highlighted trends in cybersecurity related to vulnerabilities in Citrix NetScaler and Cisco Adaptive Security Appliance (ASA) devices. Citrix NetScaler ADC and NetScaler Gateway were identified as vulnerable, prompting over 100 targeted alerts to be sent to member organizations. Cisco ASA devices were similarly vulnerable and have since been exploited by threat actors.
The organization also addressed FDA cybersecurity guidance for medical devices, specifically the Quality System Considerations and Content of Premarket Submissions. The FDA released the final guidance document with updates in June 2025, replacing the previous version issued in 2023. The updated guidance adds Section VII, which aligns FDA recommendations with existing law. Section VII incorporates section 524B of the FD&C Act and defines who must comply and which devices are applicable. It also outlines requirements, including plans and procedures, the design, development, and maintenance of processes to provide reasonable assurance of cybersecurity, the inclusion of a software bill of materials (SBOM), and modifications.
Other notable medical device regulations include the FDA Quality Management System Regulation, the EU Cyber Resilience Act, and rules governing AI-enabled devices.
Health-ISAC also looked into the geopolitical outlook. In the Asia Pacific region, this includes escalating tensions between China and the Philippines, with China declaring the Scarborough Shoal a maritime wildlife refuge. In addition, Australia has made a major investment in asymmetric warfare capabilities.
In the European context, concerns center on Russian drone incursions into Poland and risks to subsea cable resilience. Strategic threat intelligence highlights a sharp increase in organized African cybercrime and ongoing remote IT fraud campaigns originating from North Korea. On a global scale, incidents such as the Oracle E-Business Suite breach and related data extortion underscore the growing threat of executive-targeted cyberattacks.
Dealing with legal and regulatory issues, Health-ISAC addressed the lapse of the Cybersecurity Information Sharing Act (CISA) of 2015, which was signed into law at the end of 2015. The act provided guidelines and processes for cyber information sharing within and between the private and public sectors, defined terms such as ‘cyber threat indicator’ and ‘defensive measure,’ and offered protections shielding entities from potential legal hazards, including antitrust enforcement, Freedom of Information Act requests, regulatory actions, and others. The law expired on Sept. 30, 2025.
The organization also examined challenges associated with reauthorization, including whether to pursue a clean reauthorization or make revisions, the appropriate length of reauthorization, and positions from lawmakers such as Senator Rand Paul. Health-ISAC highlighted the impacts of the CISA 2015 lapse in both the short and long term and discussed potential pathways for temporary or long-term reauthorization, either through a standalone bill or a continuing resolution.
Mitigations and considerations suggested include reviewing internal cyber information sharing policies and processes with legal counsel to assess risk, discussing with critical partners and suppliers how the absence of CISA 2015 protections may affect information sharing or what new mechanisms may be required, and conducting outreach to congressional representatives to urge reauthorization of CISA 2015.
Earlier this month, Health-ISAC celebrated its 15th anniversary, marking years of building a global trusted community and expanding its reach. The organization has played a pivotal role in coordinating the health sector’s response to major cyberattacks and advancing medical device security through its Medical Device Security Council, which brings together healthcare organizations and device manufacturers to address security challenges. Through a robust calendar of summits, workshops, webinars, and educational resources, Health-ISAC has strengthened the security posture of its members and the broader health ecosystem.
“Health-ISAC has had a major impact on the security of the global health industry since our inception 15 years ago,” Denise Anderson, president and CEO of Health-ISAC, said in a media statement. “Our growth and success are a testament to the power of collaboration and the commitment of our members to improve patients’ lives. As threats grow more sophisticated, the need for a unified defense has never been greater. We are proud of the past 15 years of accomplishments, and we look forward to innovating for the future of health, patient safety, and privacy.”
Looking ahead, Health-ISAC remains committed to fostering a safe and resilient health sector. The organization plans to expand its services, enhance intelligence-sharing capabilities, and continue championing cyber and physical security awareness across the global healthcare community.

