By Jeff Wardon, Jr., Assistant Editor

The lapse of the Cybersecurity and Information Sharing Act (CISA) of 2015 amid the government shutdown has disrupted a key channel for sharing cyber threat intelligence between healthcare organizations and federal agencies, The Hill reports. The law provided legal protections for companies exchanging cyber data, helping sectors such as healthcare detect and respond to attacks more quickly. Lawmakers had sought to renew the act for another decade, but disagreements in the Senate stalled reauthorization, leaving a temporary gap in the nation’s cyber defense framework. 

CISA 2015 allowed hospitals, healthcare systems and vendors to share real-time threat intelligence to protect against incoming cyberattacks without threat of repercussions. These protections also encouraged collaboration on detecting ransomware, phishing and supply chain threats that target healthcare systems. 

“The potential lapse of certain federal services and the slowdown in federal warnings can be concerning, especially for the many healthcare organizations that look to the government for guidance and advice,” says Errol Weiss, chief security officer at Health-ISAC.  

Related Content: 3 Pillars of Stronger Cybersecurity in Healthcare

The disruption of long-term relationships during the government shutdown and the expiration of CISA 2015 will reduce information sharing from the private health sector to federal agencies, Weiss says. If the shutdown lasts much longer, it will continue to disrupt the formal flow of information, creating blind spots that cybercriminals can exploit.  

“Adversaries thrive on disruption and reduced visibility,” he says. “We are already on track to witness a record-breaking number of ransomware attacks in 2025, and this is compounded by the pre-existing workforce reductions at CISA and the U.S. Department of Health and Human Services.” 

With the lack of federal incident response reports, the burden grows for healthcare organizations. This scenario is true for smaller hospitals and clinics that lack the sophisticated in-house cybersecurity staff and budget of larger systems. In turn, it can lead to delayed incident detection, slower responses and longer recovery times. 

“Ultimately, my greatest concern is that a major cyber incident — one that the federal government would typically assist in managing — could cause prolonged disruptions in the health sector, impacting patient safety and the ability to provide life-saving services -- people can die,” Weiss says.  

With the government shutdown, he says organizations should assume a reduced federal response capacity, prioritize internal vetting and incident response plans and rely on the foundation of peer-to-peer collaboration. 

Jeff Wardon, Jr., is the assistant editor of the facilities market.