California hospitals are a critical element within the disaster
medical response system and work collaboratively with local
government, other health care providers and other agencies to
plan, prepare for and respond to the needs of victims of natural
or man-made disasters, bioterrorism, and other public health
emergencies. Hospital emergency preparedness is a priority for
government at all levels, as well as a key focus of regulatory
and accrediting agencies.
This Operational Continuity-Cyber Incident (OCCI) checklist
provides a flexible template for operational staff and executive
management to respond to and recover from an extended enterprise
outage due to a serious cyber attack.
The checklist’s suggested operational structures and tasks can be
modified or refined according to an organization’s size,
resources, complexity and capabilities.
The checklist represents the best collective thinking of
private-sector cybersecurity and emergency management executives
of the HSCC Incident Response/Business Continuity (IRBC) Task
Group of the Health Sector Coordinating Council’s Cybersecurity
Working Group (CWG). It is not associated in any way with any
regulatory compliance program.
Ransomware is a serious and increasing threat to all
government and private sector organizations,
including critical infrastructure organizations.
All organizations are at risk of falling victim to a ransomware
incident and are responsible for protecting sensitive
and personal data stored on their systems.
This fact sheet provides information for all government and
private sector organizations, including critical
infrastructure organizations, on preventing and responding to
ransomware-caused data breaches. CISA encourages
organizations to adopt a heightened state of awareness and
implement the recommendations on this linked resource:
This crosswalk provides a view of the CMS Emergency Preparedness
Rule for hospitals in comparison with The Joint Commission (TJC),
National Fire Protection Association (NFPA), Title 22, and
Hospital Preparedness Program (HPP) requirements.
With resources at critically low levels across all regions of the
state, the nation, and worldwide, the best way to get supplies in
California is to request them through the Medical and Health
Operational Area Coordinator (MHOAC) Program.
A list of county MHOAC contacts is here,
and a reference guide for making requests — along with a chart
illustrating the flow of communication and resources
Instructions for requesting supplies through MHOAC — a process
that is tested annually with your hospital and disaster
coordinator during the November Statewide Medical and Health
Exercise — are below.
Hospital initiates the request to the MHOAC using a 213 Resource
Request (RR). Note: Even though hospitals often realize that
local, regional, and state caches may be empty, it is important
to continue submitting 213 RR requests to ensure the requests are
making it to CDC for potential fulfillment.
The MHOAC distributes any local supplies available.
If there are insufficient local/county supplies, the MHOAC
submits the hospital’s 213 RR to the Regional Disaster Medical
and Health Specialist to check for available supplies in the
If there are insufficient supplies in the region, the Regional
Disaster Medical and Health Specialist submits the hospital’s 213
RR to the State Medical and Health Command Center, which is a
combined state command center of the Emergency Medical Services
Authority and the California Department of Public Health.
If there are insufficient state supplies, the Medical and Health
Command Center shares the requests with the State Operations
Center, which then — under the Governor’s emergency declaration —
makes a request from the Strategic National Stockpile and Vendor
If you are using this process and not receiving a response
or the necessary resources you need, please contact Mary Massey,
vice president, emergency preparedness,