HHS Announces Next Steps in Ongoing Work to Enhance Cybersecurity for Healthcare and Public Health Sectors​
The U.S. Department of Health and Human Services (HHS) released a concept paper that outlines the Department’s cybersecurity strategy for the healthcare sector. The concept paper builds on the National Cybersecurity Strategy that President Biden released last year, focusing specifically on strengthening resilience for hospitals, patients, and communities threatened by cyber-attacks. The paper details four pillars for action, including publishing new voluntary healthcare-specific cybersecurity performance goals, working with Congress to develop supports and incentives for domestic hospitals to improve cybersecurity, and increasing accountability and coordination within the healthcare sector.
Full Press Release

Immediate Bed Availability Guidelines and Toolkit Published to the MIHAN
Hospital Preparedness Program (HPP) staff have been working diligently to get documents completed and posted to the MIHAN. Most recently, the Immediate Bed Availability Decompression Strategy Guidelines and Toolkit was completed and posted. To find this document and many other new documents, log into the MIHAN and go to: Documents – Resource Sharing – Operational Guidelines/Plans/Document.
NOTE: If you don’t have access to the MIHAN and would like a copy of the Immediate Bed Availability Decompression Strategy Guidelines and Toolkit, click on the picture to the right or contact Lauren Korte at [email protected].
​
content.govdelivery.com/attachments/MIDHHS/2023/12/14/file_attachments/2718366/2023.12.13_IBA%20Guidelines%20Document%20v5.0.pdf



Latest Hospital Cyberattack Shows How Health Care Systems' Vulnerability Can Put Patients at Risk
Annie Wolf's open-heart surgery was just two days away when the Hillcrest Medical Center in Tulsa, Oklahoma, called, informing her that her procedure had been postponed after a major ransomware attack.  "I've got a hole in my mitral valve, and basically walking around, I can't breathe," Wolf told CBS News. "And I get very fatigued, very tired, very quickly. If I go to the store, I've got to ride the scooter." Wolf is just one of the patients impacted after Ardent Health Services says it became aware of the cyber breach on Thanksgiving Day affecting 30 hospitals and more than 200 health care sites across six states.

In a statement, Ardent said it immediately began safeguarding confidential patient data, and protectively took its computer network offline, which required some facilities, including two in New Jersey, to divert ambulances to nearby medical centers. Ardent said that "in an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals." Ardent has not announced a timeline for when the issue could be resolved. According to the Institute for Security and Technology, at least 299 hospitals have suffered ransomware attacks in 2023.  
Learn More on Cyberattach Impacts

FEMA's Continuous Improvement Technical Assistance Program’s (CITAP)
FEMA's Continuous Improvement Technical Assistance Program’s (CITAP) has several new resources to support after-action reporting (AAR) efforts. Exercises should include child considerations so that pediatric disaster ready improvement in AAR can be monitored. 
​
Guidance Overview Video: FEMA recently released a short overview video on the National Continuous Improvement Guidance. The video summarizes the purpose of the guidance and its content. To watch the video, visit the Continuous Improvement Training playlist on FEMA’s YouTube channel. FEMA plans to release additional short training videos on continuous improvement topics in the future. Updated templates and resources available on the CITAP Preparedness Toolkit (PrepToolkit) website and upcoming events and trainings focused on continuous improvement.    FEMA's PrepToolkit
​

ASPR Launches New Health Care and Public Health Cybersecurity Website
The Administration for Strategic Preparedness and Response (ASPR) has launched a new website with cybersecurity resources and information for health care and public health entities. The website contains links to tools and resources, links to trainings, webinars and other educational materials, and updated news. Learn more and view the new ASPR cybersecurity website.


CISA Tabletop Exercise Package Healthcare and Public Sector
The Healthcare and Public Health (HPH) CISA Tabletop Exercise Package (CTEP) is a tabletop exercise-in-a-box intended to be used by members of the HPH Sector to increase their cyber resilience. This CTEP allows organizations to customize an exercise to fit their needs by modifying its scenario and discussion questions. The CTEP will bring participants through a series of scenario injects including a phishing email, third-party vendor issues, operational hospital impacts, a ransomware attack, and more. Stakeholders utilizing the CTEP can download the situation manual at Cybersecurity Scenarios | CISA and find other resources to assist in the planning/facilitating of the exercise and the post-exercise products at CTEP Package Documents | CISA. At the bottom of the document both planners and participants will find example case studies relevant to the exercise, increasing its authenticity, as well as threat descriptions and resources. Learn more here.