FEMA's Continuous Improvement Technical Assistance Program (CITAP)
FEMA's Continuous Improvement Technical Assistance Program (CITAP) has several new resources to support after-action reporting (AAR) efforts. Exercises should include child considerations so that improvement in pediatric disaster readiness can be monitored in AARs.
Guidance Overview Video: FEMA recently released a short overview video on the National Continuous Improvement Guidance. The video summarizes the purpose of the guidance and its content. To watch the video, visit the Continuous Improvement Training playlist on FEMA’s YouTube channel. FEMA plans to release additional short training videos on continuous improvement topics in the future. Updated templates and resources are available on the CITAP Preparedness Toolkit (PrepToolkit) website, along with upcoming events and trainings focused on continuous improvement. See FEMA's PrepToolkit.
ASPR Launches New Health Care and Public Health Cybersecurity Website
The Administration for Strategic Preparedness and Response (ASPR) has launched a new website with cybersecurity resources and information for health care and public health entities. The website contains links to tools and resources, links to trainings, webinars and other educational materials, and updated news. Learn more and view the new ASPR cybersecurity website.
CISA Tabletop Exercise Package Healthcare and Public Sector
The Healthcare and Public Health (HPH) CISA Tabletop Exercise Package (CTEP) is a tabletop exercise-in-a-box intended to be used by members of the HPH Sector to increase their cyber resilience. This CTEP allows organizations to customize an exercise to fit their needs by modifying its scenario and discussion questions. The CTEP will bring participants through a series of scenario injects including a phishing email, third-party vendor issues, operational hospital impacts, a ransomware attack, and more. Stakeholders utilizing the CTEP can download the situation manual at Cybersecurity Scenarios | CISA and find other resources to assist in the planning/facilitating of the exercise and the post-exercise products at CTEP Package Documents | CISA. At the bottom of the document both planners and participants will find example case studies relevant to the exercise, increasing its authenticity, as well as threat descriptions and resources. Learn more here.
GovCast Podcast: Protecting the Health Care Ecosystem from Cybersecurity Threats, Featuring ASPR's Deputy Director for the Office of Preparedness, Brian Mazanec
Listen to Brian Mazanec, ASPR's Deputy Director of the Office of Preparedness, discuss how to prepare and defend against cybersecurity threats and attacks in the health care and public health sector.
Listen to the full podcast episode from GovCast
American Hospital Association (AHA): Cyberthreat Risk Mitigation Resources
In response to a warning from the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center on a critical vulnerability affecting certain versions of the Atlassian Confluence Data Center and Server that enables malicious actors to obtain access to victim systems and continue active exploitation post-patch, the AHA has provided a number of resources for hospitals to utilize when taking action.
Read the full article from the AHA
U.S. Food and Drug Administration (FDA) Final Guidance: Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions
November 2, 2023 @ 1pm ET. Click here for connection information.
FDA will discuss Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions final guidance that it issued. The purpose of this guidance is to provide recommendations on medical device cybersecurity considerations and what information to include in premarket submissions.
The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated version of the joint #StopRansomware Guide. The update includes new prevention tips such as hardening SMB protocols, revised response steps, and added threat hunting insights.
Developed through the U.S. Joint Ransomware Task Force (JRTF), the #StopRansomware Guide is designed to be a one-stop resource to help organizations minimize the risks posed by ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.
CISA and its partners encourage organizations to implement the recommendations in the guide to reduce the likelihood and impact of ransomware incidents. For more information, visit CISA’s Stop Ransomware page.
The CISA, NSA, FBI, and MS-ISAC released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.
CISA and its partners encourage network defenders and software manufacturers to implement the recommendations in the guide to reduce the frequency and impact of phishing incidents. For more information, see CISA’s Malware, Phishing, and Ransomware and Security-by-Design and -Default webpages.
In this speaker series recording, Rahul Gaitonde, Branch Chief of the HHS Health Sector Cybersecurity Coordination Center (HC3), discusses the mission of HC3, cyber threats impacting the health sector, incident response, and recommendations and best practices. Check out the other recordings in the ASPR TRACIE Health Care System Preparedness Considerations Speaker Series.