Inside CHIME: List Gives Resources for Monitoring, Reporting Cyber Incidents

7.617 by Mari Savickis VP of Federal Affairs, CHIME

Another cyberattack was launched in late June that affected hospitals in Pennsylvania and West Virginia as well as a pharmaceutical company in the United States. The attack, with some similarities to the WannaCry incident in May, started in the Ukraine and spread to Europe, Australia and elsewhere. The Department of Health and Human Services (HHS) also reported that “at least one support company that provides health records services is impacted which may impact the ability to enter information into patient charts and access clinical test results.”

Below are free cybersecurity resources for members for this and other cyber incidents.

For alerts:

• Public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new. HHS Assistant Secretary for Preparedness & Response’s Healthcare Emergency Preparedness Information Gateway (or ASPR TRACIE) sends timely alerts on emergencies including cyber threats and information sharing.
• HHS website: asprtracie.hhs.gov
• HHS Twitter: @PHEgov
• Sign up for Department of Homeland Security (DHS) alerts: public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new. DHS responds to incidents, analyzes data about emerging cyber threats and shares information with the industry.
• DHS website: us-cert.gov/about-us
• DHS on Twitter: @USCERT_gov

To request a free scan of your public IP:

• The US-CERT’s National Cybersecurity Assessment & Technical Services (NCATS) provides integrated threat intelligence and provides an objective third-party perspective on the current cybersecurity posture of the stakeholder’s unclassified operational / business networks. There is no cost to use this service. Contact US-CERT: NCATS_INFO@hq.dhs.gov.

For reporting a device vulnerability:

• Call the Food and Drug Administration (FDA): 1-866-300-4374. Contact the FDA if you need to report a vulnerability impacting one of your devices. They have established an emergency hotline that can be used 24/7. Reports of impact on multiple devices should be aggregated on a system/facility level.

For reporting a cyber incident and law enforcement contacts:

• DHS offers the US-CERT Incident Reporting System for a secure web-enabled means of reporting computer security incidents at us-cert.gov/forms/report. This system assists analysts in providing timely handling of security incidents as well as the ability to conduct improved analysis.
• The Federal Bureau of Investigation (FBI) also urges victims to report ransomware incidents to the Internet Crime Complaint Center, at IC3.gov. This allows the agency to better understand threats.
• The U.S. Secret Service has an Electronic Crimes Task Force. Those interested in help can locate their field office by going to secretservice.gov/investigation/#field.

For other breach resources:

• HHS’ Office for Civil Rights (OCR) requires covered entities to notify them if they discover a breach of unsecured protected health information. hhs.gov/hipaa/for-professionals/breach-notification/breach-reporting/index.htm
• OCR considers all ransomware attacks a breach; whether they must be reported depends on the situation. hhs.gov/sites/default/files/RansomwareFactSheet.pdf
• Risk assessment tools and information: healthit.gov/providers-professionals/security-risk-assessment-tool
• To help healthcare organizations covered by the Health Insurance Portability and Accountability Act (HIPAA) to bolster their security posture, HHS created a crosswalk that identifies “mappings” between the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the HIPAA Security Rule. The crosswalk also includes mappings to other commonly used security frameworks. hhs.gov/sites/default/files/nist-csf-to-hipaa-security-rule-crosswalk-02-22-2016-final.pdf
• HHS quick response checklist and infographic for victims of cyberattack: hhs.gov/sites/default/files/cyber-attack-checklist-06-2017.pdf and hhs.gov/sites/default/files/cyber-attack-quick-response-infographic.gif