Health-ISAC's Quarterly Threat Insights – Q3 2025 highlights an increase in cyber threats related to broader events and new risks, prompting organizations to adopt additional defensive measures. As the cyber and physical security landscape in the healthcare sector rapidly evolves, it is important to stay ahead of these threats. The first session of Quarterly Threat Insights provided the latest information and expert analysis to help healthcare organizations stay informed and prepared.
Current trends impacting the healthcare sector include several new cyber threats. The Shai-Hulud worm is distributed through malicious NPM packages, embeds itself in other packages owned by its targets, and exfiltrate data to public GitHub repositories. Phishing campaigns using QR codes are on the rise, with malicious links hidden within images to evade certain security appliances. Threat actors have also launched typosquatting campaigns using the (dot)med top-level domain, highlighting the need for proactive domain monitoring to detect registrations that mimic legitimate infrastructure.
Additionally, there continue to be reports of fraudulent remote IT workers from North Korea applying for positions, presumably as part of an ongoing revenue generation plan. Threat actors are also impersonating organizations through fake job postings, tricking applicants into paying money to purchase equipment or divulging personally identifiable information, posing significant risks to both individuals and organizational reputations.
Health-ISAC is a member-driven, non-profit organization focused on protecting the global health sector from cyber and physical threats. Health-ISAC helps healthcare organizations improve security and resiliency by providing real-time alerts, fostering collaboration, and providing actionable intelligence.
Health-ISAC also highlighted cybersecurity trends related to vulnerabilities in Citrix Netscaler and Cisco Adaptive Security Appliances (ASA) devices. Citrix Netscaler ADC and NetScaler Gateway were identified as vulnerable, prompting over 100 targeted alerts to be sent to member organizations. Cisco ASA devices are similarly vulnerable and have since been exploited by threat actors.
The organization also addressed the FDA's cybersecurity guidance for medical devices, specifically regarding quality system considerations and premarket submissions. FDA released a final guidance document with updates in June 2025, replacing a previous version published in 2023. The updated guidance adds Section VII, which aligns FDA's recommendations with existing law. Section VII incorporates Section 524B of the FD&C Act and defines who must comply and which devices apply. It also outlines requirements such as plans and procedures, process design, development, maintenance, software bill of materials (SBOM) inclusion, and modification to provide reasonable assurance of cybersecurity.
Other notable medical device regulations include the FDA Quality Management Systems Regulation, the EU Cyber Resilience Act, and rules governing AI-enabled devices.
Health-ISAC also examined the geopolitical outlook in the Asia-Pacific region, including rising tensions between China and the Philippines, including China's declaration of Scarborough Shoal as a marine wildlife sanctuary. Additionally, Australia is investing heavily in asymmetric warfare capabilities.
In the European context, concerns center on Russian drone incursions into Poland and the risks to the resilience of undersea cables. Strategic threat intelligence highlights a surge in organized cybercrime in Africa and continued remote IT fraud campaigns originating from North Korea. On a global scale, incidents such as the Oracle E-Business Suite breach and related data theft highlight the growing threat of cyberattacks targeting business owners.
To address legal and regulatory issues, Health-ISAC addressed the expiration of the Cybersecurity Information Sharing Act of 2015 (CISA), which was signed into law at the end of 2015. The law established guidelines and processes for the sharing of cyber information within and between the private and public sectors, defined terms such as “cyber threat indicators” and “defensive measures,” and provided protections to protect entities from potential legal risks, such as antitrust enforcement and freedom. Information on information law requirements, regulatory measures, etc. This law expired on September 30, 2025.
The organization also considered issues related to reauthorization, including whether to pursue a full reauthorization or make modifications, the appropriate time period for reauthorization, and the positions of senators such as Sen. Rand Paul. Health-ISAC highlighted both the short- and long-term implications of the CISA 2015 expiration and discussed potential paths toward temporary or long-term reauthorization through standalone legislation or a continuing resolution.
Suggested mitigations and considerations include reviewing your internal cyber information sharing policies and processes with your legal advisor to assess risk, talking with key partners and suppliers about how the lack of CISA 2015 protections might impact information sharing or what new mechanisms might be needed, and lobbying your Congressional representatives to encourage reauthorization of CISA 2015.
Earlier this month, Health-ISAC celebrated its 15th anniversary, marking years of building a globally trusted community and expanding its reach. The organization has played a pivotal role in coordinating the healthcare sector's response to large-scale cyberattacks and advancing medical device security through its Medical Device Security Council, which brings together healthcare organizations and device manufacturers to address security challenges. Through a robust calendar of summits, workshops, webinars, and educational resources, Health-ISAC has strengthened the security posture of its members and the broader healthcare ecosystem.
“Health-ISAC has had a significant impact on the security of the global healthcare industry since its founding 15 years ago,” Health-ISAC President and CEO Dennis Anderson said in a media statement. “Our growth and success is a testament to the power of collaboration and our members' commitment to improving the lives of patients. As threats become more sophisticated, the need for unified defense has never been greater. We are proud of our accomplishments over the past 15 years and look forward to innovating for the future of health, patient safety, and privacy.”
Looking to the future, Health-ISAC remains committed to fostering a safe and resilient health sector. The organization plans to expand its services, strengthen its intelligence sharing capabilities, and continue to promote cyber and physical security awareness throughout the global medical community.
