Pinnacle: Is Your Organization Ready for a Cybersecurity Attack?

Pinnacle: Is Your Organization Ready for a Cybersecurity Attack?

Article Aug 11, 2017

During his presentation “Digital Disruptions—Are You Next? Cybersecurity for EMS and 911” on Aug. 10 in Boca Raton, Fla., Frank Gresh, MS, said, “Information is an asset which needs to be protected.” Information security is a necessity to any organization’s stability. It entails more than just IT security—it’s a system that maintains the confidentiality of employees and patients and the integrity of the organization.

Establishing high-security protocols is vital to protecting the information collected by critical infrastructures within society, including 9-1-1 systems, dispatch centers, radios, warning systems, power grids, water supplies and transportation systems. Breaches of these infrastructures could be severely detrimental to a community.

Security breaches in EMS and governmental agencies would expose critical information such as plans, budgets, trade secrets, financial data, and patients’ private health records, violating HIPAA. It’s important to recognize that protecting this information is not just the responsibility of the IT department or the top officials of an organization. It’s everyone’s responsibility, said Gresh. Everyone must be actively aware of their online activity, like determining the safety of where they enter their personal or organization’s information, and being mindful of potential scams they come across.

Attack vectors that hackers will utilize to breach a security system include email, web browsers and downloads, intrusions in exploited firewalls and compromised machines, and poorly engineered systems. Gresh emphasized the importance of installing high-quality virus scanners on all computers, particularly for email accounts for important persons of contact who receive many emails from unknown senders so they can filter out scammers.

Gresh encourages agencies to stratify technological defenses and prioritize which data is most vital to be protected against breaches. EMS agencies have several major items to protect: private health information, payment transactions and credit card information, employee personal information, and the agency’s website and social media accounts.

Leaders can also implement simple protection measures in addition to heavier duty measures, like sending monthly or quarterly emails to employees reminding them not to open emails, attachments, or links from unknown senders.

While great security measures can be put in place, there is always the chance that a system can be breached. With this in mind, agencies must also have a plan of action in the event that this occurs. Civilians are still counting on your services regardless of any security breaches you may be facing. “On our worst day, we still need to be at our best,” said Gresh. “People will still be calling 9-1-1. There are no excuses in EMS.”

Gresh also provided a list of security frameworks that agencies can implement, including NIST, COBIT, ISO 27001, and ITIL. He encouraged taking advantage of the availability of cybersecurity experts as well for guidance in security measures.

Remember that it is everyone’s responsibility to maintain a strong cybersecurity network in order to maintain the integrity and availability of your agency. Keep in mind that cyber threats come in various forms and have a plan in place to manage those risks and potential breaches. And most importantly, “Don’t be afraid to ask for help,” Gresh said.

UC Berkeley's Seismology Lab team developed the app to alert users of impending earthquakes so they have more time to prepare for safety.
The app will help teachers and administrators easily communicate during crises and are also being trained by law enforcement on how to act in an active shooter event.
The company launched a new series of demo webinars and released a comparison checklist resource to assist fire departments and EMS agencies in their search for a better records management system.
Leading EMS, Fire, Software & Data Company Named to Inc. 5000 Fastest Growing Companies in America List for Fifth Year Running
Specifically created for the public safety sector, Aladtec's software helps EMS agencies manage complex shifts for their 24/7 coverage needs.  
Dictum Health, Inc introduces a new telehealth product line based on its patient-centric Virtual Exam Room (VER) technology, providing better patient care whether it be basic home visits or disaster scenarios.
Five hospitals — two in California, two in Arkansas, one in Colorado — gain access to EMS data in real-time, even prior to patient arrival, using Electronic Health Record-consumable formats.
The Overdose Detection Mapping Application Program (ODMAP) will track real-time overdose surveillance data so immediate responses can be activated when overdoses spike in frequency.
Officials are urging companies like Apple to activate the FM chips installed in cell phones so emergency alerts can guide residents when cell towers are damaged by major disasters.
DMI announces the launch of EndZone, a cloud-based platform for mobile-centric situational awareness, delivering increased responsiveness and efficiency in emergency situations.
First responders are encouraged to link the website to their pages, as the service allows users to reconnect with loved ones in the aftermath of a natural disaster, such as Hurricane Maria.
Residents who register with the program provide important details about health conditions and even bedroom locations so rescue workers spend less time searching for victims.
Inc. magazine ranked GD 2503 on its 36th annual Inc. 5000, the most prestigious ranking of the nation's fastest-growing private companies.
Developed with the help of paramedics, bystanders who witness a heart attack or cardiac arrest can use the app to send an SOS to nearby CPR-trained people, check if someone has called the emergency number 119, and alerts them of nearby AEDs.
Verizon brought responders together to see the benefit of new technologies.