Pinnacle: Is Your Organization Ready for a Cybersecurity Attack?

Pinnacle: Is Your Organization Ready for a Cybersecurity Attack?

Article Aug 11, 2017

During his presentation “Digital Disruptions—Are You Next? Cybersecurity for EMS and 911” on Aug. 10 in Boca Raton, Fla., Frank Gresh, MS, said, “Information is an asset which needs to be protected.” Information security is a necessity to any organization’s stability. It entails more than just IT security—it’s a system that maintains the confidentiality of employees and patients and the integrity of the organization.

Establishing high-security protocols is vital to protecting the information collected by critical infrastructures within society, including 9-1-1 systems, dispatch centers, radios, warning systems, power grids, water supplies and transportation systems. Breaches of these infrastructures could be severely detrimental to a community.

Security breaches in EMS and governmental agencies would expose critical information such as plans, budgets, trade secrets, financial data, and patients’ private health records, violating HIPAA. It’s important to recognize that protecting this information is not just the responsibility of the IT department or the top officials of an organization. It’s everyone’s responsibility, said Gresh. Everyone must be actively aware of their online activity, like determining the safety of where they enter their personal or organization’s information, and being mindful of potential scams they come across.

Attack vectors that hackers will utilize to breach a security system include email, web browsers and downloads, intrusions in exploited firewalls and compromised machines, and poorly engineered systems. Gresh emphasized the importance of installing high-quality virus scanners on all computers, particularly for email accounts for important persons of contact who receive many emails from unknown senders so they can filter out scammers.

Gresh encourages agencies to stratify technological defenses and prioritize which data is most vital to be protected against breaches. EMS agencies have several major items to protect: private health information, payment transactions and credit card information, employee personal information, and the agency’s website and social media accounts.

Leaders can also implement simple protection measures in addition to heavier duty measures, like sending monthly or quarterly emails to employees reminding them not to open emails, attachments, or links from unknown senders.

While great security measures can be put in place, there is always the chance that a system can be breached. With this in mind, agencies must also have a plan of action in the event that this occurs. Civilians are still counting on your services regardless of any security breaches you may be facing. “On our worst day, we still need to be at our best,” said Gresh. “People will still be calling 9-1-1. There are no excuses in EMS.”

Gresh also provided a list of security frameworks that agencies can implement, including NIST, COBIT, ISO 27001, and ITIL. He encouraged taking advantage of the availability of cybersecurity experts as well for guidance in security measures.

Remember that it is everyone’s responsibility to maintain a strong cybersecurity network in order to maintain the integrity and availability of your agency. Keep in mind that cyber threats come in various forms and have a plan in place to manage those risks and potential breaches. And most importantly, “Don’t be afraid to ask for help,” Gresh said.

Unmanned aircraft seem poised to play a bigger role in emergency response. 
The collaboration supports rural healthcare providers with the goal of improving patient outcomes in Kansas through the Redivus mobile clinical decision app.
A specialized free app intelligence system delivers verified alerts within two minutes of mass shootings, terror threats, and terror attacks anywhere in the world.
Emergency responders using Twiage will be able to share HIPAA-compliant patient data in real-time with Steward’s emergency departments.
Nyack Hospital is the first to use the HIPAA-compliant prehospital communication technology Twiage, which allows EMS providers to send live data to the emergency department.
The unique intelligence system delivers verified terror alerts within two minutes of a terror threat or attack anywhere in the world.
The Mobilize Rescue Systems’ app allows staff to effectively respond to massive bleeding and other medical emergencies.
Manatee County residents can now text 9-1-1 following new legislation calling for federal grant programs to develop next generation 9-1-1 technology.
The department switched from manual staff management methods to switched to a cloud-based software system.
The free-to-all LifeLink smartphone app connects you and your loved ones instantly and accurately to 9-1-1 dispatch services no matter where you are.
eICS and Rave Alert Connect to enhance situational awareness and emergency response efforts on college campuses.
The customized software solution ensures proper staffing and streamlined operations in two sectors vital to public safety.
The IAFC, Intermedix, and Esri announced the agreement to build the National Mutual Aid System, the next generation version of the IAFC’s Mutual Aid Net tool built in 2008.
When staff members choose one of Rave Panic Button's five selections—active shooter, fire, police, medical or 911—a dispatcher is alerted and directs the call to the appropriate agency.
Intermedix has released new customizable incident management software to connect higher education institutions with local communities, as well as government agencies to create transparency and provide effective response across campuses.