Homeland Security Threats

Quality, Safety & Oversight Group- Emergency Preparedness General Guidance

Guidance for Surveyors, Providers and Suppliers for Natural Disaster Preparedness

Homeland Security threats, such as cyber-attacks, can have a massive impact on healthcare organizations and lead to a complete shutdown of operations. Attacks such as Ransomware, as experienced by several healthcare facilities since 2016, further emphasize the need for healthcare organizations to strengthen their information security systems to better protect confidential and personal identifiable information (PII).

Currently, CMS emergency preparedness Conditions of Participation/Conditions for Coverage (CoPs/CfCs) require Medicare-participating facilities to have emergency plans based on an all-hazards approach. CMS defines “all-hazards” as an integrated approach to emergency preparedness that focuses on identifying hazards and developing emergency preparedness capacities and capabilities that can address those as well as a wide spectrum of emergencies or disasters. This approach includes preparedness for natural, man-made, and/or facility-specific emergencies that may include, but are not limited to: care-related emergencies; equipment and power failures; interruptions in communications including cyber-attacks; loss of a portion, or all, of a facility; and interruptions in the normal supply of essentials, such as water and food. An all-hazards approach emergency preparedness plan should also include emerging infectious disease (EID) threats.

While not specifically required by regulations, facilities should consider implementing effective antiviral computer software programs and electronic security systems in order to detect, prevent, and protect against, malware (malicious and disruptive software) and viruses, commonly used in cyber-attacks, from disrupting and sometimes completely disabling their information systems.

Cyber/information security systems are crucial for preventing cyber-attacks on facility information systems, protecting PII, and ultimately keeping patients safe by ensuring the continuity of critical treatment and care.

For additional information and resources on emergency preparedness, response, and cyber-security, please use the downloadable materials and related links provided here.