December Updates:

HHS Announces Next Steps in Ongoing Work to Enhance Cybersecurity for Healthcare and Public Health Sectors​
The U.S. Department of Health and Human Services (HHS) released a concept paper that outlines the Department’s cybersecurity strategy for the healthcare sector. The concept paper builds on the National Cybersecurity Strategy that President Biden released last year, focusing specifically on strengthening resilience for hospitals, patients, and communities threatened by cyber-attacks. The paper details four pillars for action, including publishing new voluntary healthcare-specific cybersecurity performance goals, working with Congress to develop supports and incentives for domestic hospitals to improve cybersecurity, and increasing accountability and coordination within the healthcare sector.
Full Press Release

Immediate Bed Availability Guidelines and Toolkit Published to the MIHAN
Hospital Preparedness Program (HPP) staff have been working diligently to get documents completed and posted to the MIHAN. Most recently, the Immediate Bed Availability Decompression Strategy Guidelines and Toolkit was completed and posted. To find this document and many other new documents, log into the MIHAN and go to: Documents – Resource Sharing – Operational Guidelines/Plans/Document.
NOTE: If you don’t have access to the MIHAN and would like a copy of the Immediate Bed Availability Decompression Strategy Guidelines and Toolkit, click on the picture to the right or contact Lauren Korte at [email protected].
​
content.govdelivery.com/attachments/MIDHHS/2023/12/14/file_attachments/2718366/2023.12.13_IBA%20Guidelines%20Document%20v5.0.pdf



Latest Hospital Cyberattack Shows How Health Care Systems' Vulnerability Can Put Patients at Risk
Annie Wolf's open-heart surgery was just two days away when the Hillcrest Medical Center in Tulsa, Oklahoma, called, informing her that her procedure had been postponed after a major ransomware attack.  "I've got a hole in my mitral valve, and basically walking around, I can't breathe," Wolf told CBS News. "And I get very fatigued, very tired, very quickly. If I go to the store, I've got to ride the scooter." Wolf is just one of the patients impacted after Ardent Health Services says it became aware of the cyber breach on Thanksgiving Day affecting 30 hospitals and more than 200 health care sites across six states.

In a statement, Ardent said it immediately began safeguarding confidential patient data, and protectively took its computer network offline, which required some facilities, including two in New Jersey, to divert ambulances to nearby medical centers. Ardent said that "in an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals." Ardent has not announced a timeline for when the issue could be resolved. According to the Institute for Security and Technology, at least 299 hospitals have suffered ransomware attacks in 2023.  
Learn More on Cyberattach Impacts