Oct 2018

Why We All Should Focus on Cybersecurity for Our Departments

Our friend Justin Snair had a great article in Domestic Preparedness magazine earlier this year in which he outlined why all of us in public health need to improve the quality of our cybersecurity defense.  And since October is Cybersecurity month in the U.S. we wanted to provide a closer look into why it’s so important to protect your departments and yourselves against those who would hack our systems.

“Cyberattacks can threaten lives and result in losses of integrity, availability, confidentiality, and physical destruction of assets,” he wrote. They also erode the trust and confidence communities have in health departments and can introduce legal and other liabilities when breaches of protected patient health information occur.

He pointed out that reports of cybercriminals attacking entire local and county government systems have become more common in the past year, including a cyberattack in Dallas that managed to set off all 156 emergency alarms in the city, a ransomware attack in Mecklenburg County, N.C., that slowed the county government to a crawl, and another in Atlanta, that disabled critical systems.

Those and other cases of attacks on public health departments make it clear that the potential of cyberattacks should be part of our all-hazard planning, beginning with the following questions:

  • What is the role of an LHD in cybersecurity incidents?
  • What are the most critical systems at risk of compromising public health in the event of a cyberattack?
  • If a cybersecurity incident occurred, could LHD operations continue?
  • Does the community have contingency plans in place for a cyberattack?
  • Who at the state and federal levels of government should be contacted regarding a cyberattack?
  • Would a cyberattack trigger the activation of the emergency response plan?
  • Who is identified as the community lead in such an event?
  • Does the community emergency operations plan include an air-gapped network and equipment (i.e., a physically isolated secure computer network)?
  • Will a county or local community pay in the event of ransomware? If not, is it prepared for consequential data loss and privacy breaches?
  • When should the public be notified and what information should be shared about cyber incidents?

The roughly 2,750 local health departments across the nation are responsible for a wide range of crucial services to their communities, including food safety, vaccinations, epidemiological surveillance, disaster preparedness planning, emergency response, laboratory testing and many others.  Imagine if some or all of those services were suddenly unavailable because of an attack.

If you are feeling left behind, here are some resources that you might find useful:

Bio-Defense Network has relationships with both SGNL and LAR consulting and would be pleased to help you think through your cyber planning.  It’s never too soon to prepare for a cyberattack, and no one wants to be too late.

Leave a Reply

Your email address will not be published. Required fields are marked *