Oct 4, 2023 | Disaster Planning for California Hospitals
Overview:
Cyberattacks against the health sector are proliferating, causing
loss of data, connectivity, operations, reputation, money, and
ultimately, patient safety. Attendees will learn about the Health
Sector Coordinating Council and the many free best practice and
guidance publications the Council has created for scalable
cybersecurity preparedness and response programs. Attendees will
learn some best practices offered by leading health care
enterprises for responding to incidents as they happen, and
recovering from disruptions and maintaining business continuity.
Additionally, attendees will be briefed on the importance of
collective situational awareness and mutual support in
cybersecurity, and how they can get involved in this national
health care cybersecurity effort.

Oct 4, 2023 | Disaster Planning for California Hospitals
Overview:
A review of lessons learned from development, logistical
challenges, and exercise facilitation for a multi-hospital,
corporate-wide drill. Includes improvement planning activities
from our After-Action Report (AAR). Also, this presentation ties
in our follow-up exercise (June 2023) and shares challenges and
insights from this event.

Oct 3, 2023 | Disaster Planning for California Hospitals
Overview:
UCLA Health developed an executive ransomware playbook to guide
leaders on the initial detection, confirmation, institutional
response priorities, and decision making following a
cyber-attack. Learn about the unique threat a cybersecurity
incident presents to a hospital and how to use those unique
considerations in the development of a response plan.
This Operational Continuity-Cyber Incident (OCCI) checklist
provides a flexible template for operational staff and executive
management to respond to and recover from an extended enterprise
outage due to a serious cyber attack.
The checklist’s suggested operational structures and tasks can be
modified or refined according to an organization’s size,
resources, complexity and capabilities.
The checklist represents the best collective thinking of
private-sector cybersecurity and emergency management executives
of the HSCC Incident Response/Business Continuity (IRBC) Task
Group of the Health Sector Coordinating Council’s Cybersecurity
Working Group (CWG). It is not associated in any way with any
regulatory compliance program.
John Riggi, senior advisor for cybersecurity and risk at the
American Hospital Association, a nationally recognized
cybersecurity expert and former FBI cyber senior executive, has
been at the forefront in directly assisting health care providers
as they prepare for, respond to and recover from ransomware
attacks. Mr. Riggi will discuss his uniquely informed national
perspective on the rash of recent ransomware attacks, identify
the groups behind these attacks, explain how hospitals and health
systems have become victimized, and describe what can be done to
prevent these attacks.
Mr. Riggi will also discuss the impact these ransomware attacks
have had on large systems and small hospitals — from lost data
and revenue to civil and regulatory exposure, loss of community
confidence and, most significantly, impact to patient care
delivery and risk to patient safety.
Mr. Riggi will also discuss AHA’s national call to action to the
federal government to utilize all elements of national power to
“defend forward” and disrupt these ransomware attackers who are
being provided safe harbor in adversarial nations. The government
has heard the call and responded.
Internet of Things (IoT) applications are growing rapidly,
with more healthcare organizations adopting the use of security
cameras, drones, internet-connected HVAC, and more. However, not
all devices are designed with security in mind. Data breaches in
the news are increasing in frequency. Do you know if your devices
are protected and how you can protect your IoT data?
Ransomware is a serious and increasing threat to all
government and private sector organizations,
including critical infrastructure organizations.
All organizations are at risk of falling victim to a ransomware
incident and are responsible for protecting sensitive
and personal data stored on their systems.
This fact sheet provides information for all government and
private sector organizations, including critical
infrastructure organizations, on preventing and responding to
ransomware-caused data breaches. CISA encourages
organizations to adopt a heightened state of awareness and
implement the recommendations on this linked resource:
Cybersecurity is crucial to hospital disaster planning and
response:
- Protection of Sensitive Information: Hospitals
  handle sensitive data, including patient information, medical
  records, and operational data. Hospitals must safeguard this
  information from unauthorized access, theft, or tampering,
  ensuring privacy and confidentiality.
- Prevention of Data Breaches: Data breaches can
  compromise the integrity of hospital information systems, leading
  to the exposure of sensitive data.
- Maintaining Operational Continuity: Cyber
  attacks, such as ransomware, can disrupt critical systems and
  infrastructure, hindering the ability of hospitals to respond
  effectively to emergencies.
- Securing Critical Infrastructure: Hospital
  infrastructure, including facilities, laboratories, and
  communication systems, relies on digital technology and
  connectivity.
Cybersecurity is integral to hospital emergency response efforts,
as it protects sensitive information, maintains operational
continuity, prevents disruptions, combats disinformation, secures
critical infrastructure, and facilitates collaboration among
stakeholders.
Hospitals are frequently targets for cyber and social engineering
scams following disasters. Hospitals can mitigate their risk by
recognizing and preventing cyber threats, phishing emails,
ransomware attacks, and fraudulent fundraising campaigns.
This tip sheet emphasizes the importance of staff training,
implementing cybersecurity measures, and maintaining awareness of
potential scams to safeguard sensitive information and ensure
operational continuity during emergencies.
This tip sheet outlines common scams attempted in times of
crisis, including spoofs of relief organizations, sham flood
mitigation or debris removal organizations, and flood insurance
robocall scams.
Those who wish to donate to relief funds should:
- Donate to known and trusted charities
- Be alert for charities that seem to have been created in
  connection with current events
- Designate the disaster to ensure funds go to disaster relief
  rather than a general fund
- Never click on links or open attachments in an email unless
  the sender is known
- Keep antivirus and other computer software updated
The Federal Bureau of Investigation Internet Crime Complaint
Center, also known as IC3, accepts online Internet crime
complaints. Complaints may come from the victim or an interested
third party. When filing a complaint, be accurate and thorough. Be
sure to include your name, address, and phone number as well as
the perpetrator’s, if known. Include specific details on how,
when, and why as well as any other pertinent information. To file
a claim or for more information click here.