EMS leaders should expect, prepare for cyberattack
Many EMS agencies and other public safety organizations have significant exposed risks that can lead to cyberattack data breaches and infrastructure damage
BOCA RATON, Fla. — EMS agencies, other public safety organizations and hospitals are vulnerable targets for cyberattacks. Cybersecurity risks and strategies to reduce an EMS agency’s risk were presented to Pinnacle EMS conference attendees.
Frank Gresh, MS, chief information officer, Emergency Medical Services Authority, presented the potential exposures of EMS, as well as other public safety entities, to cyberattack. Software data, like patient care records, and hardware, like 911 call centers, are potential targets for hacking. Infrastructure reliant on outdated technology is especially vulnerable to terrorists or hackers who could overwhelm the system, preventing 911 telecommunicators from answering or dispatching actual emergency calls.
Memorable quotes on cyberattacks against EMS
Here are memorable quotes from Gresh's presentation.
"Every day, every second of the time there is some attempt being made to compromise access or get into a system – not necessarily against EMS – but there are always threats being made."
"It's not just IT's job to think about information security. It's everybody's job to keep your (organization’s) information secure."
"It is absolutely OK to seek outside assistance to shore up information security in your organization. Ask for help."
Top takeaways on EMS cybersecurity risks
Here are three top takeaways on EMS cybersecurity risks from Gresh's presentation.
1. Everyone is responsible for cybersecurity
Protection of patient data, account credentials and hardware access is the responsibility of everyone in an EMS organization. As Gresh outlined the risks and vulnerabilities, it's clear that the IT experts need the cooperation and compliance of all EMS personnel to protect the organization from cyberattack.
Gresh encouraged every EMS agency to provide more training to personnel on recognizing threats and avoiding attacks. He shared an example of an email phishing attack targeting the agency's CFO and CEO.
2. Cyberattack risk is constant
Gresh showed a real-time map of cyberattacks to illustrate that cyberattacks are constantly happening, 24/7. There are many routes or attack vectors, including:
- Hijacking of personal credentials for a secure website
- Email phishing schemes with nefarious attachments or links
- Downloading malware or unwanted programs
- Intrusions or exploits to the organization's firewall
- Denial of service attacks
Many of the attack vectors are dependent on socially-engineered content to entice an email recipient or website visitor to click on a link, download an attachment, unzip a file or launch a new program. An emerging trend is social engineering telephone calls from the attacker directing their email phishing target on how to bypass security controls and run macros to launch malware.
3. Identify and prioritize cyberattack targets
Cyberattacks target more than patient or employee data. Hackers were able to activate 156 emergency sirens in Dallas.
Gresh encouraged attendees to broadly consider the risks, and then prioritize actions to physically and electronically protect data and hardware assets. EMSA was able to move its data center into a hardened bunker to protect it from physical risks like flooding, tornadoes and earthquakes.
He also explained that it's OK to balance highest value targets with the easier-to-mitigate targets. EMS leaders were encouraged to complete some simple protection steps – like educating personnel about email phishing schemes – while also working toward better protection of high-value targets.
Learn more about cybersecurity
Learn more about cyberattacks, protection and practices from these EMS1 and Police1 articles.
- The ransomware epidemic: What EMS agencies need to know
- Why cybersecurity is important for EMS leaders
- Top 10 best cybersecurity practices for EMS agencies
- 'Internet of things' security introduction for EMS leaders
- 9 cyberattacks that threatened police officer safety and obstructed justice
- How grant funding can assist in the battle against cybercrime
- How to protect your digital video evidence from a cyberattack