Being Proactive About Cybersecurity
It is no secret that cybersecurity is a growing threat to healthcare facilities. However, preparing for cyber-attacks to happen can be a daunting task for even the best resourced facility. That is why the Nebraska Department of Health and Human Services (NE DHHS) Emergency Response Preparedness Unit (ERPU) decided to take a proactive approach to mitigate the threat that cyberattacks pose on healthcare facilities across Nebraska.
The Nebraska ERPU was eager to assist the Hospital Preparedness Program in making cybersecurity a priority. When the Cybersecurity and Infrastructure Security Agency’s (CISA) Nebraska team reached out wanting to conduct a cybersecurity tabletop exercise at each health care coalition in Nebraska, the ERPU got to work on creating a plan. The result is the Nebraska Cyber Security Support Plan.
This Cyber Security Support Plan is different than other health care coalition plans, as it is not centered around what the coalition would do, but instead around providing information, resources, and best practices for partners to use as a reference when enhancing their own cybersecurity plans.
Having a resource like the Cyber Security Support Plan is important. While larger facilities may have more resources to assist them in building robust cybersecurity plans, smaller critical access systems may have to contract out services and not be fully aware of what is needed. This desire for the plan to provide broad support was reinforced through visits conducted by CISA in the health care coalition regions and hospitals throughout Nebraska, where the variety of needs was seen firsthand.
The effort to create this plan was accomplished by a wide-ranging team from local, state, and federal partners. This team included:
Michelle Hill (NE DHHS, ERPU)
Nicholas Brand and Warren Hagelstien (CISA)
Angie Ling and Margaret Woeppel (Nebraska Hospital Association)
Matt Larsen (TRIMRS HCC)
Shelly Schwedhelm (R7DHRE and Nebraska Medicine)
Angela Krutsinger (ASPR)
Collaboration between all partners/agencies during the planning process provided valuable insight on how each perceived the needs and wording within the plan to ensure there is both buy-in and value. For example, the Nebraska Hospital Association has been vital in promoting the plan and the upcoming tabletop exercise to healthcare executives who have the authority to make the significant changes that may need to be made. Having a good working relationship with the Nebraska CISA team has allowed for information-sharing, subject matter experts, and provided a “local” contact to assist when needed.
The draft of the plan has already been shared with partner organizations and is awaiting the cybersecurity assessment from the Administration for Strategic Preparedness and Response (ASPR) to ensure that it has all the required information. Once the plan has been verified the next step will be testing the plan to identify its strengths and weaknesses.
For more information about the Nebraska Cyber Security Support Plan, or the process of creating the plan, please contact Michelle Hill at michelle.hill@nebraska.gov.