After Sandy, help for healthcare infrastructure

By Erin McCann
09:32 AM

In the crippling aftermath of Hurricane Sandy, the National Health Information Sharing and Analysis Center (NH-ISAC) has activated a 24/7 emergency response system to support healthcare-critical infrastructure protection, mitigation and recovery.

Officials say the National Healthcare and Public Health Cyber Response System will improve situational awareness, information sharing and incident response support working in coordination with federal, state and private sector organizations. NH-ISAC response protocols support and complement national, state, and private sector-established emergency operations, business continuity and disaster recovery plans.

[See also: Sandy hammers Northeast, hospitals hurting in aftermath.]

Located at NASA's Kennedy Space Center, NH-ISAC provides cyber intelligence, two-way information sharing and incident response for health information exchanges, electronic health record implementation, hospitals and healthcare organizations nationwide.

Deborah Kobza, NH-ISAC executive director and CEO, said the group is currently working with the Department of Homeland Security and FEMA to discuss what unmet needs are out there for healthcare groups, whether it be fuel shortages, clean water, or communications and transportation deficiencies.

"We don’t get in the way of first responders," Kobza said to Healthcare IT News, as after any natural disaster, emergency plans are executed at both state and local levels."What we do is help complement that," she added.

"We do have communications resources to get to folks within hospitals, as those systems and networks and everything start to come up off the generators, or they’ve been without power, to really be vigilant about any type of cyber incident or cyber attacks," Kobza said. She cited things like denial of service, malware, fishing attacks and bogus scams. "The biggest concern is that those cyber attacks that would try to impede the electric power coming back on."

To avoid this, NH-ISAC is is reaching out to the technology side of health in the hospitals to share any information if they observe any type of attack in their network.

Kobza said NH-ISAC is working closely with the Hospital Association and hospitals that have evacuated patients, lost power or are on generator power. Bellevue Hospital in New York, which she said has currently evacuated some 304 patients, is one of the hospitals they are monitoring closely.

Healthcare-critical infrastructure owners and operators of hospitals, clinics, healthcare facilities, ambulatory care, pharmaceutical/medical device and organizations supporting the health sector that have been impacted by the storm are encouraged to contact the NH-ISAC to share situational awareness information and advise of any unmet needs in order for the organization to help support communication to the proper authorities.

As emergency first responder recovery teams work to restore power, transportation and physical infrastructures to resume normal facilities' operations; as technology infrastructures, systems and networks are brought back online, proactive cybersecurity situational awareness information sharing is critical to support NH-ISAC threat and vulnerability monitoring, mitigation and response to protect healthcare and public health critical infrastructure.  

[See also: In disasters such as Sandy, HIE is 'as critical as having roads, as having fire hydrants'.]

NH-ISAC's emergency response resources comprised of technology and cybersecurity experts from NH-ISAC and national security and technology organizations are available to impacted areas.

"As NH-ISAC continues to work in close response coordination with national healthcare and public health critical infrastructure owners and operators, the U.S. Dept. of Health and Human Services, U.S. Dept. of Homeland Security and Emergency First Responders, this is the time for the nation to come together to support recovery efforts," said Kobza. "NH-ISAC has issued a call out to organizations nationwide to be on stand-by to offer infrastructure, technology and security services and support."