Raising Awareness and Taking Action to Address Cybersecurity Preparedness at Local Health Departments

Oct 26, 2018

October is National Cybersecurity Awareness Month and is an effort to raise awareness on the continued threats posed by cyberattacks and the activities that are being pursued to protect against future cyberattacks. The Secretary of the United States Department of Homeland Security (DHS), Kirstjen M. Nielsen, recently spoke about DHS’ efforts to protect against threats and secure the nation’s election systems. Secretary Nielsen described existing cybersecurity legislation, information sharing improvements, 2018 Election Day preparations and threats, and the 2017 Intel Community Assessment. The full discussion can be found here.

Beyond just securing our election system from cyber threats, many federal and national agencies are working hard to ensure other critical sectors including healthcare and public health are also protected from cyber threats. The U.S. Department of the Assistant Secretary for Preparedness and Response (ASPR) currently houses the Critical Infrastructure Protection (CIP) Program which protects essential goods, services, and functions of public health and healthcare from terrorist attacks or other hazards. ASPR also has a variety of relevant cybersecurity resources for healthcare and public health organizations housed on ASPR TRACIE.

The National Association of County and City Health Officials (NACCHO) also recognizes the need to build additional local health department (LHD) capacity in cybersecurity preparedness. In the 2016 Preparedness Profile Assessment Report, 37 percent of LHDs ranked cybersecurity as one their top three threats that they are most concerned with affecting their community in the future. In addition, only 26 percent of LHDs have conducted cybersecurity preparedness planning in the past year with even fewer LHDs doing trainings, exercises, and coordination with partners on cybersecurity (15, 1, and 9 percent, respectively). This disparity between perceived threat and action being taken to address the threat indicates more needs to be done to promote and advance preparedness efforts in this area.

During the 2018 Preparedness Summit, NACCHO hosted a plenary session on cybersecurity entitled “A Troubling Gap: Why Cyber Security Matters to Public Health Emergency Preparedness” (video recording available here). This discussion included panelists which discussed cybersecurity threats and the role of LHDs in responding to a cyberattack that impacts health department operations. This session will help health departments hoping to better understand how a cyberattack may impact their operations and provides strategies for how they can better prepare for cyberattacks.

NACCHO, in collaboration with ASPR, also conducted a needs assessment of LHD and healthcare cybersecurity preparedness to better understand the gaps and challenges that prevent cybersecurity preparedness planning from advancing. The needs assessment focused on two main topic areas: (1) cybersecurity preparedness strategies for public health and healthcare IT systems; and (2) cybersecurity incident recovery and information-sharing needs. The needs assessment questions were integrated into two sessions at the 2018 Preparedness Summit and a combination of qualitative and quantitative data was collected from conference attendees. The needs assessment revealed the following gaps persisted at the local level:

  • Some participants indicated a minimal or non-existent role for their organization’s preparedness program in responding to a cybersecurity attack.
  • There is increasing interest at the state and local levels to conduct cybersecurity planning, but there is a lack of public health-specific cybersecurity guidance, templates, and tools.
  • Strategies to prepare for cyberattacks vary widely by jurisdictions; there are not well-recognized best practices for health departments to follow.
  • There can be difficulties getting state and local leadership buy-in to pursue cybersecurity planning.
  • Public messaging and strategies for information dissemination following a cyberattack vary among health departments.

NACCHO provided federal and national partners a number of recommendations to address these gaps including increasing the available guidance, resources, training, templates, and best practice examples to assist local health department preparedness efforts.

An additional product created as result of the data collected as part of the needs assessment was a fact sheet entitled “Cybersecurity Preparedness Considerations for Public Health and Healthcare Organizations.” This fact sheet provides information on roles, strategies, considerations, and barriers for public health and healthcare cybersecurity preparedness. NACCHO also published a report in 2014 which provides additional recommendations to help local health departments be better prepared for cyberattacks. These combined efforts and resources will hopefully raise awareness of cybersecurity issues at the local level and provide some key resources to help LHDs advance their cybersecurity planning.


Related Posts

Wildfire
  • Tools & Resources

Updated FEMA Advisory: FEMA Determination Letters

FEMA updates related to Los Angeles wildfire survivor request for assistance.

Jan 16, 2025

Updated FEMA Advisory: FEMA Determination Letters

MRC World First Aid Day 600
  • Medical Reserve Corps

Medical Reserve Corps Unit Shares Volunteer Retention...

Lear volunteer retention strategies from the City of Detroit Medical Reserve...

Jan 15, 2025 | Beth Hess

Medical Reserve Corps Unit Shares Volunteer Retention...

Wildfire
  • Tools & Resources

FEMA Offers Recovery Tips for California Wildfire...

Recovery resources for individuals and families following the California...

Jan 14, 2025

FEMA Offers Recovery Tips for California Wildfire...

PS25 600
  • Community Resilience Emergency Response Leadership Medical Reserve Corps

2025 Prep Summit Early-Bird Rates Extended

Register by January 31, 2025, to save.

Dec 20, 2024 | Beth Hess

2025 Prep Summit Early-Bird Rates Extended

H5 N1
  • Infectious Disease

Bird Flu: Resources and Updates for Local Health...

News and information related to avian influenza A(H5N1) (bird flu).

Dec 18, 2024

Bird Flu: Resources and Updates for Local Health...

Mc Henry MRC Volunteers
  • Medical Reserve Corps

Training Exercise Helps Volunteers Prepare While...

Learn how the McHenry County Medical Reserve Corps (IL) combines a training...

Dec 18, 2024 | Beth Hess

Training Exercise Helps Volunteers Prepare While...

Winter community
  • Tools & Resources

Tools and Resources for Winter Preparedness

See resources to help communities foster winter preparedness.

Dec 17, 2024 | Beth Hess

Tools and Resources for Winter Preparedness

Webinar
  • Webinar Communications & Public Relations Emergency Response

EMPowerment Webinar Series: Navigating Crisis...

Join this webinar on January 16, 2025.

Dec 17, 2024

EMPowerment Webinar Series: Navigating Crisis...

Cybersecurity 600
  • Call for Comments

Share Your Feedback: Cybersecurity Preparedness

Survey closes December 20, 2024.

Dec 16, 2024

Share Your Feedback: Cybersecurity Preparedness

Back to Top