CYBER ATTACK SCENARIO


SCENARIO

A disgruntled former hospital employee with exceptional computer skills hacks into the hospital network from their home computer and plants a very aggressive computer virus into the Computer-Aided Facility Management (CAFM) system. The computer virus activates at midnight, shutting down the hospital HVAC system, security system, building automation, and patient medical monitoring system.

Page 1 of 16

INCIDENT PLANNING GUIDE

Does your Emergency Management Plan address the following issues?

Mitigation & Preparedness

1. Does your hospital have the latest versions of firewall, anti-virus, and spyware software technologies deployed across the enterprise?
2. Does your hospital have a system to monitor misuse or unauthorized/remote access of cyber-systems, especially by personnel under emotional or financial strains and with access to major data and system integrity?
3. Does your hospital have a proactive and well-documented cyber-security training program for all personnel with potential access?
4. Does your hospital have rules for employees working from home to comply with information and systems security?
5. Does your hospital have data back-up (data redundancy) processes and policies for enterprise-wide and department-specific data systems?
6. Does your hospital have a management process to approve all cyber-technologies utilized in the organization, including but not limited to different systems sharing like data, and how shared or exchanged data are protected from corruption while allowing access to critical data under emergent conditions?
7. Does your hospital have policies for the interface and deployment of wireless data and voice systems communications?
8. Does your hospital have trained personnel for cyber-system response and recovery operations?
9. Does your hospital have a protocol to monitor the number of cyber-system response events involving external attacks by deliberate attempts to penetrate, and take appropriate protective actions?
10. Has your hospital completed a hazard vulnerability analysis of all cyber-systems to determine infrastructure security improvements needed for all internal and external threats?
11. Does your hospital have data security exchange protocols for secure interface with authorized emergency management agencies under a unified command?
12. Does your hospital comply with current standards on disaster/emergency management and business continuity programs as they apply to all third-party vendors that support and supply cyber-technology services, such as offsite backup and data recovery processes for the institution?
13. Does your hospital have a system of cyber-security audits using a scenario-based evaluation or a series of critical benchmarks approved by a multi-disciplinary committee of your organization?
14. Does your hospital have standards for the development and security of systems and substructures (i.e., departments), including non-IT/IS staff with special levels of cyber-systems knowledge?
15. Does your hospital have the ability to terminate access immediately upon an employee's termination of employment?

Response & Recovery

1. Has your hospital established criteria and procedures to activate an IT/IS command center (partial or complete) during emergencies?
2. Does your hospital have systems and/or procedures to determine what cyber-systems are affected by certain events?
3. Does your hospital have procedures to obtain information on the possible entry point of a cyber-security violation?
4. Does your hospital have procedures to evaluate firewall management and containment and to respond accordingly?
5. Does your hospital have policies for the CIO or IT/IS manager to direct key IT/IS staff in identifying potential problem areas?
6. Does your hospital have communication methods for the CIO or IT/IS manager to issue organizational alerts regarding cyber-systems failures or viruses affecting systems?
7. Does your hospital have the ability to determine contact lists and communications methods in order for the CIO or IT/IS manager to immediately notify nursing staff (nursing house supervisor) and/or senior medical staff (chief of staff) regarding affected cyber-systems that will have a direct impact on health care delivery and the potential to adversely affect patient safety?
8. Does your hospital have procedures for emergency incident notification when affected systems will take greater than two hours to return to full operational status, to alert the Incident Commander and key disaster response personnel?
9. Does your hospital have procedures for all administrators and key health care delivery staff to use manual documentation systems or non-affected portable devices and later merge data with recovered systems?
10. Does your hospital have procedures to identify medical care, patient records, admissions, financial, supply management, computer-aided facility management (CAFM), and other critical systems and operations directly impacted by cyber-system compromise?
11. Does your hospital have a plan to notify patients about any delays in service and the situation?
12. Does your hospital have procedures to ensure resources (i.e., personnel, equipment, software, and hardware) are obtained as appropriate to provide the fastest and most secure level of cyber-systems recovery?
13. Does your hospital have procedures to implement regular briefings on cyber-system restoration status for personnel?
14. Does your hospital have pre-developed departmental business continuity plans with clear recovery time objectives (RTOs) in place? Are these plans practiced?
15. Does your hospital have criteria to restore normal operations?
16. Does your hospital have procedures to complete incident documentation and archiving?
17. Does your hospital have procedures to debrief staff and identify corrective actions?
18. Does your hospital identify components to include in an After Action Report, including a cost analysis of time spent on restoration efforts?
19. Does your hospital have procedures to revise the Emergency Operations Plan as needed, including enhanced staff awareness training?

INCIDENT RESPONSE GUIDE

Mission: To ensure business continuity and availability of essential automated systems for the clinic/hospital/health care system in the event of a massive or sustained cyber-systems compromise or attack.

Directions
- Read this entire response guide and review the incident management team chart
- Use this response guide as a checklist to ensure all tasks are addressed and completed

Objectives
- Define scope of problem
- Isolate affected systems
- Restore automated systems and services
- Notify affected end-user supervisory personnel and provide directed guidance on systems use

Immediate Actions (Operational Period 0-2 Hours)

COMMAND
(Incident Commander):
- Activate the IT/IS Unit to assess the degree of cyber-systems intrusion or disruption
- Activate appropriate Command Staff and Section Chiefs
(PIO):
- Prepare initial risk communications for staff and patients regarding the cyber-systems situation and recommended actions until the systems are restored
(Liaison Officer):
- Work with the Incident Commander and senior IT/IS staff to determine if the disruption is deliberate and targeted; contact local law enforcement, the FBI Cyber-Terrorism Division, and state Cyber-Terrorism Division or District Office, as appropriate
- Notify local emergency management authority, if appropriate
(Safety Officer):
- Ensure the safety of staff, patients and visitors in areas impacted by the automated system shutdowns
- Ensure safe restoration of services and systems

OPERATIONS
- Activate the Business Continuity Branch to isolate affected systems and develop a severity-of-impact list to begin to establish restoration priorities in accordance with the business continuity plan
- Conduct a risk assessment regarding any automated environmental systems that may be affected and alternate plans to provide HVAC and other critical facility services in direct support of health care operations
- Notify key staff including house supervisors, chief of staff, Business Continuity Branch Director, support services, and others designated in the business continuity plan as it applies to cyber-systems disruptions
- Ensure continuation of patient care and management activities
- Ensure security of the facility
- Implement procedures to provide manual environment controls (HVAC systems are down)
- Activate redundant/backup documentation systems
- Consider need for patient evacuation or relocation in the facility due to loss of essential services

PLANNING
- Establish operational periods and incident objectives and develop the Incident Action Plan, in collaboration with the Incident Commander
- Implement manual documentation systems until automated systems can be restored

LOGISTICS
- Activate the IT/IS Unit and personnel to isolate affected systems and develop a severity-of-impact list to begin to establish restoration priorities in accordance with the business continuity plan
- Implement redundant communications and reporting mechanisms as necessary

Intermediate (Operational Period 2-12 Hours)

COMMAND
(Incident Commander):
- Conduct regular briefings and situation updates with Command Staff and Section Chiefs
- Update and revise the Incident Action Plan
(PIO):
- Establish a central information center (clearinghouse) as needed to address all staff or patient issues that may arise as a result of a cyber-systems disruption
(Liaison Officer):
- Continue to update local emergency management and other officials on situation and hospital status
(Safety Officer):
- Conduct ongoing analysis of existing response practices for health and safety issues related to staff, patients, and facility, and implement corrective actions to address them

OPERATIONS
- Reassess HVAC and other critical services in direct support of health care operations and modify actions as necessary
- Reevaluate need to transfer or relocate patients to ensure safety
- Continue patient care and management and identify any patient care systems that are affected during the course of the restoration process
- Continue to assess cyber-systems disruptions and revise the cyber-security response plan

PLANNING
- Update and revise the Incident Action Plan
- Initiate patient and bed tracking if patients are evacuated or relocated within the facility

LOGISTICS
- Provide alternate documentation systems and support hardware (i.e., providing laptops and printers to affected areas for temporary use until systems are fully restored)

FINANCE/ADMINISTRATION
- Track cost of response and restoration activities and expenditures
- Monitor and track costs related to the disruption to business continuity and compromise of automated systems

Extended (Operational Period Beyond 12 Hours)

COMMAND
(Incident Commander):
- Continue regular meetings and briefings with Command Staff and Section Chiefs to determine situation status and timelines for restoration of services
(PIO):
- Update staff, patients and visitors on the situation status
(Liaison Officer):
- Continue to update local emergency management on situation status
- Notify appropriate licensing authorities of the sentinel event, as appropriate, in coordination with the Incident Commander

PLANNING
- Update and revise the Incident Action Plan
- Track personnel, patients and beds as necessary

LOGISTICS
- Monitor computer systems for new cyber-threats if the corrective actions are not completed within two hours

Demobilization/System Recovery

COMMAND
(Incident Commander):
- Ensure full system recovery and return to normal operations
- Declare the incident terminated
(PIO):
- Issue final media update with hospital status and appropriate service disruption information, in collaboration with the Incident Commander
(Liaison Officer):
- Notify local emergency management of system recovery and incident termination

OPERATIONS
- Restore patient care to normal operations
- Repatriate patients, if evacuated or transferred to other areas within the hospital
- Restore infrastructure services
- Prepare a summary report of corrective actions and recommendations for updating/improving diagnostic and protective cyber-services

PLANNING
- Write after-action report and improvement plan including the following:
  - Summary of actions taken
  - Summary of the incident
  - Actions that went well
  - Areas for improvement
  - Recommendations for future response actions
  - Recommendations for corrective actions

Documents and Tools
- Hospital Emergency Operations Plan
- Hospital and Department Level Business Continuity / Business Recovery Plan
- Manual procedures for System Downtime
- Cyber-Systems Diagnostics (e.g., anti-virus, spyware, firewall software systems)
- Cyber-Systems Malfunction Alert Notification

INCIDENT MANAGEMENT TEAM CHART: IMMEDIATE

Incident Commander
    Public Information Officer
    Safety Officer
    Liaison Officer
    Medical/Technical Specialist: Biological/Infectious Disease, Chemical, Radiological, Clinic Administration, Hospital Administration, Legal Affairs, Risk Management, Medical Staff, Pediatric Care, Medical Ethicist

Operations Section
    Staging Manager: Personnel, Vehicle, Equipment/Supply, Medication
    Medical Care Branch Director: Inpatient Unit, Outpatient Unit, Casualty Care Unit, Mental Health Unit, Clinical Support Services Unit, Patient Registration Unit
    Infrastructure Branch Director: Power/Lighting Unit, Water/Sewer Unit, HVAC Unit, Building/Grounds Damage Unit, Medical Gases Unit, Medical Devices Unit, Environmental Services Unit, Food Services Unit
    HazMat Branch Director: Detection and Monitoring Unit, Spill Response Unit, Victim Decontamination Unit, Facility/Equipment Decontamination Unit
    Security Branch Director: Access Control Unit, Crowd Control Unit, Traffic Control Unit, Search Unit, Law Enforcement Interface Unit
    Business Continuity Branch Director: Information Technology Unit, Service Continuity Unit, Records Preservation Unit, Business Function Relocation Unit

Planning Section
    Resources Unit: Personnel Tracking, Materiel Tracking
    Situation Unit: Patient Tracking, Bed Tracking
    Documentation Unit
    Demobilization Unit

Logistics Section
    Service Branch Director: Communications Unit, IT/IS Unit, Staff Food & Water Unit
    Support Branch Director: Employee Health & Well-Being Unit, Family Care Unit, Supply Unit, Facilities Unit, Transportation Unit, Labor Pool & Credentialing Unit

Finance/Administration Section
    Time Unit
    Procurement Unit
    Compensation/Claims Unit
    Cost Unit

Legend: Activated Position (marked by shading in the original chart; the shading is not preserved in this transcription)

INCIDENT MANAGEMENT TEAM CHART: INTERMEDIATE

[Chart: same organizational structure as the Immediate chart above; it differs only in which positions are shaded as activated for this operational period.]

INCIDENT MANAGEMENT TEAM CHART: EXTENDED

[Chart: same organizational structure as the Immediate chart above; it differs only in which positions are shaded as activated for this operational period.]

INCIDENT MANAGEMENT TEAM CHART: DEMOBILIZATION

[Chart: same organizational structure as the Immediate chart above; it differs only in which positions are shaded as activated for this operational period.]