How Healthcare Organizations Can Build Cyber Resilience After CISA’s Expiration

The expiration of the Cybersecurity Information Sharing Act of 2015 (CISA 2015) on September 30 has left healthcare delivery organizations (HDOs) navigating new uncertainty in an already volatile threat landscape. For a decade, the law enabled hospitals and healthcare systems to share cyber threat intelligence with the federal government without risking HIPAA violations or legal exposure.

Now, without clear liability protections and with the Cybersecurity and Infrastructure Security Agency (the agency that shares the CISA abbreviation) still undecided on the future of its Automated Indicator Sharing (AIS) platform, organizations must take proactive steps to strengthen resilience, streamline collaboration, and safeguard patient trust.

A key first step for healthcare organizations to bolster cyber defenses is to align with the National Institute of Standards and Technology (NIST) Cybersecurity Framework by adhering to zero-trust best practices. At the same time, healthcare leaders should ensure robust identity and access security across core systems such as electronic health record (EHR) environments, shared workstations, and shared mobile programs to minimize risk.

Implementing passwordless authentication, centralized credential management, and continuous access monitoring can help organizations reduce complexity and improve compliance, even as regulatory frameworks evolve. In addition, collaboration across organizations will be crucial to staying ahead of threats.

“Cyber adversaries are scaling up,” said Joel Burleson-Davis, Chief Technology Officer at Imprivata, in a recent Digital Health Insights article. “With federal protections gone, unity is now more important than ever. Organizations must take action and prioritize collaborating across industries, sharing signals and defending mission-critical systems together.”

Manual information-sharing processes still exist, but they lack the speed and efficiency that make automation essential for combating fast-moving threats. The consequences can include slower recovery, greater damage after breaches, and serious downstream effects like delayed patient care or lost medical records.

Amid regulatory uncertainty, leveraging digital identity and access management solutions can help healthcare organizations operationalize NIST and HIPAA best practices in their digital transformation efforts.
