By Kathryn Ayers Wickenhauser, Chief Strategy Officer

Last week, I had the privilege of representing DirectTrust® at the Health Sector Coordinating Council’s Cybersecurity Working Group’s (HSCC CWG) All Hands Across America meeting, a two-day gathering devoted to strengthening our nation’s healthcare cybersecurity posture. The event brought together representatives from government, healthcare delivery organizations, medical device manufacturers, public health, academia, and supporting industries. It was an energizing reminder that cybersecurity extends to every corner of the healthcare ecosystem, and that our shared commitment to collaboration truly moves the sector forward.

The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) is an industry-led council of more than 400 healthcare organizations advising the government and health sector on how to protect against and recover from cyber threats to health data and research, systems, manufacturing and patient care. The CWG membership collaboratively develops and publishes freely-available healthcare cybersecurity best practices and policy recommendations, and produces outreach and communications programs emphasizing the imperative that Cyber Safety is Patient Safety.

Setting the Stage: A Sector United in Purpose

From the opening remarks, it was clear that the challenges ahead remain complex and deeply intertwined. Workforce shortages, rising care costs, aging infrastructure, the growing use of AI, and the expanding responsibility we all share to protect sensitive health information were recurring themes. As is the tagline of the HSCC CWG and multiple speakers noted, “Cyber Safety is Patient Safety,” a grounding reminder that the work we do ultimately protects people, not just systems.

Government partner updates underscored this point. Leaders from CISA, FDA, and ASPR emphasized the evolving federal response, including new Cybersecurity Performance Goals, expanded expectations for “reasonable assurance of cybersecurity” across the medical device lifecycle, and a continued push toward elevating cybersecurity to the CEO and Board level.

Publications, Toolkits, and the Push Toward Action

Several sessions highlighted the impressive body of work developed by HSCC CWG’s task groups. Updates included:

  • HIC-SMART (Health Industry Cybersecurity  Sector Mapping And Risk Toolkit): A powerful toolkit for mapping systemic risk and identifying chokepoints across complex healthcare environments. Samantha Jacques and Erik Decker offered insights on how organizations are already using SMART to visualize dependencies and prioritize mitigation.
  • AI Cybersecurity Task Group: Focused on practical, ethical, and secure approaches for AI adoption, including transparency, governance, and clinician upskilling.
  • Public Health Task Group: Emphasizing information-sharing mechanisms and mutual aid to support readiness across the entire sector.
  • Post-Quantum Cryptography Task Group: A timely discussion on the emerging need for transitioning away from today’s vulnerable public-key cryptography and planning for a 5- to 10-year migration window.

These conversations reinforced a shared sentiment: this work cannot sit “on a shelf.” It’s too important; It must be used, implemented, socialized, and continuously improved.

Breakouts Focused on Strategic Implementation

Breakout discussions centered on four priorities from the Health Industry Cybersecurity Strategic Plan: Access, Workforce, Community, and Innovation. Participants were asked to identify specific actions that could be taken by enterprises, subsectors, and government.

The discussions emphasized:

  • Making cybersecurity practices accessible to organizations of all sizes.
  • Expanding the cybersecurity workforce through education, apprenticeships, and sustainable development pathways.
  • Strengthening information-sharing and mutual aid ecosystems to support resilience.
  • Embracing new technologies that improve defense capabilities, including automation and AI.

The prolific output goal—48 ideas across the breakout groups—showed just how much momentum this community has built.

Shark Tank Spotlight: “The Wizard of Clause”

A personal highlight was participating in the “Shark Tank” style breakout, where teams proposed tools and services to accelerate adoption of key HSCC CWG resources, including HICP, SMART, OCCI, the Joint Security Plan, and the new version of the Model Contract. I’m proud to share that our team won for our proposal: “The Wizard of Clause,” a fictional modern contract tool designed to use AI to help organizations rapidly develop medtech cybersecurity contract language based of the HSCC-developed Model Contract. The Shark Tank session brought some levity to the event (especially as Greg Garcia handed out bags of shark gummy candies to winning teams) and sparked meaningful conversations about ways we can support both efficiency and clarity in cross-sector collaboration. This collaborative and fun activity was certainly a highlight of the meeting! 

Celebrating Community: Partnership Medallions

This year also included a special moment of gratitude. I was honored to receive a Partnership Medallion for Outstanding Contributions, alongside our President and CEO, Scott Stuewe, and several other respected colleagues in our community, including Bezawit Sumner (CRISP), Judy Molenaar (Surescripts), and Bill Reid (Google). It was humbling to stand in such company, and it reinforced how much this community values leaders who show up, contribute, and collaborate in their own ways. DirectTrust has been proud to work alongside the HSCC CWG amplifying its critical work through our conference, newsletter, and social media. Furthermore, we appreciate participating in the Task Groups and contributing perspectives on behalf of our members, accredited parties, and broader community. 

Day 2: Board Governance, National Strategy, and Inspiring Future Talent

The second day opened with federal insights from ASPR and thoughtful remarks from Monroe Molesky at the White House Office of the National Cyber Director. His message was clear: cybersecurity can no longer be treated as an IT line item. It is a national security and economic priority that demands executive-level ownership and cross-sector problem-solving.

One of my favorite sessions of the entire event was the closing panel featuring cybersecurity students from the University of Missouri–St. Louis. Their questions about workforce readiness, data privacy, responsible AI, and career development were thoughtful and forward-looking. Hearing what they are learning, and what they hope to contribute, left me feeling deeply optimistic about the next generation of cyber professionals but also considerate of the fact that the industry must help new professionals find opportunities for development and participation.

Looking Ahead

As DirectTrust continues to advance our mission of building trust in a connected world, we remain proud supporters of the HSCC Cybersecurity Working Group. This meeting reaffirmed that collaboration is one of our greatest assets, and that no single organization can tackle these challenges. As someone noted during the SMART session, “Resiliency isn’t something we can do alone.”

We’re already looking forward to the next All Hands Across America meeting on April 15, 2026. Until then, we will continue contributing to this important work, supporting adoption of best practices, and championing the message that Cyber Safety is Patient Safety.

To learn more about the Health Sector Coordinating Council and its resources, visit healthsectorcouncil.org.