The Healthcare and Public Health Sector plays a major role in emergency preparedness, prevention, protection, mitigation, response, and recovery for threats and hazards such as terrorism, infectious disease outbreaks, and natural disasters.
This diverse sector consists of public and private hospitals, long-term care facilities, outpatient clinics, home health care services, hospices, pharmaceutical companies, health and medical education institutions, research and diagnostic laboratories, ambulatory care centers, and local and county health departments.
New Jersey has about 2,000 licensed hospitals, nursing homes, and medical care facilities, including 183 ambulatory-surgical centers, 144 dialysis clinics, 844 long-term care centers, and 71 acute care hospitals. Ten of these hospitals are designated as Level-1 and Level-2 Trauma Centers, meaning they can provide total care for every aspect of injury.
The Healthcare and Public Health Sector faces a high cyber threat from profit-motivated criminals and state-sponsored espionage groups. In February 2016, Hollywood Presbyterian Medical Center in Los Angeles paid a $17,000 ransom after a malware infection disrupted the hospital’s operations for nearly two weeks. Less than two months later, St. Mark’s Medical Center in Texas paid an $18,000 ransom in a similar incident.
In 2015, there were at least 277 healthcare breaches in the United States, with a combined loss of more than 112.8 million records—accounting for two-thirds of records breached across the country. The FBI assesses financially-motivated cyber criminals will continue to target the US Healthcare Sector, making it particularly vulnerable to cyber attacks as employees fall victim to spear-phishing.
The sector faces a low terror threat, but it continues to be a target of interest for anti-abortion extremists in the United States. In November 2015, Robert Lewis Dear, Jr., attacked a Planned Parenthood clinic in Colorado, killing three.
In January 2016, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) and the National Healthcare Information Sharing and Analysis Center (NH-ISAC) announced a partnership to enhance cybersecurity information sharing on behalf of New Jersey’s healthcare providers. Under the agreement, the NJCCIC and NH-ISAC perform automated indicator sharing (AIS) to exchange intelligence data in real-time. The agreement mandates strict data handling, classification, and disclosure protocols to protect confidentiality.
The 2016 National Snapshot of Public Health Preparedness published by the US Centers of Disease Control and Prevention provides guidance for improving health security, protecting people from public health threats, and strengthening collaboration.
The Office of Health Affairs (OHA) guides Department of Homeland Security (DHS) leaders on medical and public health issues related to national security and long-term policies. Teams build relationships between DHS and public health communities nationwide to make sure they can work together to prepare for, respond to, and recover from a crisis. They collect and analyze data for early signs of chemical and biological threats and plan responses.
The Pandemic and All-Hazards Preparedness Act was enacted to improve the US public health medical preparedness and response capabilities for emergencies, whether deliberate, accidental, or natural. It also brought a number of programs such as the advanced development and acquisitions of medical countermeasures, and called for the establishment of a quadrennial National Health Security Strategy, to help minimize the consequences associated with significant health incidents.
- How are extremists planning to physically attack the sector in New Jersey?
- What medical devices are being exploited to penetrate healthcare networks?
- What healthcare software applications are most vulnerable to hacking?
For more information, please contact NJOHSP's Preparedness Bureau at firstname.lastname@example.org.