View as a webpage / Share

Volume 22 — Issue 30 | July 28, 2022

Updates for EMS on the monkeypox outbreak

Since the first case of monkeypox in the United States was confirmed on May 18, the number of cases in the U.S. has risen substantially. The Centers for Disease Control and Prevention (CDC) reports that the U.S. currently has the highest number of confirmed cases in the world at 3,591, with the United Kingdom and some European countries following close behind. On July 23, the World Health Organization (WHO) released a statement declaring the multi-country monkeypox outbreak as a Public Health Emergency of International Concern (PHEIC).

Recent public health data on the current outbreak has prompted revisions to initial guidance for stopping human-to-human spread of monkeypox. The Department of Health and Human Services (HHS), National Emerging Special Pathogens Training and Education Center (NETEC) has revised initial guidance to emergency medical services (EMS) providers issued in May.

NETEC’s Identifying Monkeypox: Update for EMS Professionals highlights the prevalence of atypical presentations of monkeypox, such as localized rather than whole-body rashes, and the presence of sores even in the absence of typical signs of viral infection such as fever and swollen lymph nodes. These departures from the typical presentation can make monkeypox symptoms resemble those of some sexually transmitted diseases.

In addition to NETEC’s updated guidance, two CDC webinars from May and June offer visual aids for identifying both typical and atypical symptoms of monkeypox.

NETEC’s update for EMS also revises information on the groups at highest risk for contracting monkeypox. These revisions are aligned with the CDC’s current epidemiological criteria and with the most recent statistics from the WHO, which show that the ongoing global outbreak is largely developing within the social networks of Men who have Sex with Men (MSM).

NETEC’s guidance for EMS emphasizes use of the CDC’s Identify, Isolate, Inform algorithm, originally developed to guide emergency department response during the Ebola outbreak in 2014.

In a recent webcast by the Journal of Emergency Medical Services (JEMS), COVID-19 and Monkeypox Update – Keeping EMS Personnel Safe, two experts from Emory University’s Office of Critical Event Preparedness and Response (CEPAR) review each step in “Identify, Isolate, and Inform”, highlighting specific actions EMS should take in response to monkeypox based on the most current information available.

This webcast offers a comparison between COVID-19 versus monkeypox for each step in “Identify, Isolate, and Inform”. The presentation emphasizes the importance of implementing a hierarchy of controls for the safety of EMS personnel managing patients ill with either of these viruses. This webcast originally aired on July 12 and is now available free on demand after registration.

(Sources: WHO, CDC, NETEC, JEMS)

Highlights

Updates for EMS on the monkeypox outbreak

Emergency responder input sought on disruptive vehicle technologies such as EVs and autonomous vehicles

Cyber Safety Review Board releases inaugural report on the December 2021 Log4j event

Crisis Management for School-Based Incidents: Partnering Rural Law Enforcement, First Responders and Local School Systems

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

Emergency responder input sought on disruptive vehicle technologies such as EVs and autonomous vehicles

The Emergency Responder Safety Institute (ERSI) has partnered with the University of Alabama to survey emergency responders about their knowledge, practices, and training experiences related to disruptive vehicle technologies such as electric vehicles (EVs), advanced driver assistance systems (ADAS), connected vehicles (CVs) and autonomous vehicles (AVs).

This survey seeks to find out more about how emergency services are challenged by these disruptive vehicle technologies. The influence of these technologies is increasing and is already impacting responder safety and operations. The survey will provide important information for stakeholders to prepare for the deployment of these new technologies and to improve the safety of incident response personnel.

ERSI is committed to reducing deaths and injuries to America's emergency responders, with a focus on the safety of the men and women who respond to emergencies on our nation’s streets, roads and highways. ERSI administers ResponderSafety.com and the Responder Safety Learning Network, and is a partner of the United States Fire Administration.

ERSI strongly encourages emergency responders to share their experiences via this survey. The survey is estimated to take about 10 minutes to complete. It is sponsored by the Alabama Transportation Institute and the Transportation Policy Research Center at the University of Alabama.

(Source: ERSI)

Cyber Safety Review Board releases inaugural report on the December 2021 Log4j event

On July 14, the Department of Homeland Security (DHS) announced the release of the first report of the Cyber Safety Review Board (CSRB), which was formed earlier this year in response to Executive Order 14028: Improving the Nation’s Cybersecurity.

This inaugural CSRB report, Review of the December 2021 Log4j Event, addresses the continued risk posed by vulnerabilities discovered in late 2021 in the widely used Log4j open-source software library. These Log4j vulnerabilities are some of the most serious discovered in recent years.

The Log4j event exposed some of the security risks unique to the thinly resourced, volunteer-led open-source software community. Among the recommendations offered, the report states that industry and the federal government must commit more resources to supporting open-source software security.

The Log4j event also highlighted some fundamental vulnerabilities within our global technology infrastructure. Software at scale requires the use of reusable building blocks. These building blocks are integrated into numerous software packages in the software supply chain. When vulnerabilities are discovered in these reusable building blocks, they can lead to far-reaching incidents impacting many organizations simultaneously. Vulnerabilities may also be hard to locate in a particular organization’s software environment.

These two factors – the thinly-resourced open-source software community and the enormous attack surface created by the Log4j vulnerability due to its role as a “reusable building block” – contributed to the severity and magnitude of the Log4j event.

The Review of the December Log4j Event report draws on subject matter expertise in open-source software and its development, deployment, and maintenance. It emphasizes that the Log4j event is not over. Significant risks remain since these vulnerabilities still exist in many unpatched systems. The report discusses the timeline of response and the challenges during response, especially for smaller organizations.

The report includes 19 actionable recommendations for government and industry. The recommendations focus on driving better security in software products and enhancing public and private sector organizations’ ability to respond to severe vulnerabilities.

The CSRB is a public-private initiative that brings together government and industry leaders to review and assess significant cybersecurity events to better protect our nation’s networks and infrastructure. The CSRB does not have regulatory powers and is not an enforcement authority. Instead, its purpose is to identify and share lessons learned to enable advances in national cybersecurity.

To access the report and learn more about the CSRB and its mission, visit the CSRB page on the Cybersecurity and Infrastructure Security Agency’s (CISA's) website.

(Source: DHS)

Crisis Management for School-Based Incidents: Partnering Rural Law Enforcement, First Responders and Local School Systems

Schools in small, rural, and remote areas across the country account for almost 23% of the total student population - more than 11 million students. However, rural schools, law enforcement, and other emergency responders are often limited in resources. It is imperative that all potentially affected parties collaborate on planning, preparing, communicating, responding, and recovering from a school-based incident.

The Rural Domestic Preparedness Consortium (RDPC), led by the Center for Rural Development, offers a course to help emergency responders and school administrators plan and prepare for crisis incidents in schools.

AWR-148: Crisis Management for School-Based Incidents: Partnering Rural Law Enforcement, First Responders and Local School Systems is an awareness-level course for both school administrators and emergency responders, especially rural law enforcement personnel.

The course teaches law enforcement personnel, school administrators and staff to effectively respond to an emergency involving a school building or an entire school system. The training will provide representatives of rural law enforcement departments with a foundation of knowledge and skills that will enable them to progressively establish a school-based emergency response plan and crisis management team through information sharing and training.

The RDPC offers AWR-148 in several delivery formats:

• AWR-148. This is an in-person instructor-led course delivered at a local training agency. It is an 8-hour course, delivered over 2 days.
• AWR-148-V. This is a virtual instructor-led course, delivered via Zoom for Government. This course is also 8 hours in length, delivered over 2 days.
• AWR-148-W. This is a web-based course. It is self-paced and accessible via RDPC’s learning management system at online.ruraltraining.org.

Agencies interested in requesting either an in-person or virtual instructor-led delivery of this course can complete RDPC’s Request a Course form.

Individuals can register for a currently scheduled course (either virtual or in-person) by visiting the Training Schedule, selecting a scheduled course offering, and completing the registration form for that offering.

To take the web-based training, visit RDPC’s AWR-148-W page, and follow instructions for registration. Note that if you do not already have a Student Identification Number (SID) from the Federal Emergency Management Agency (FEMA), you will need to first complete a brief FEMA registration form to obtain a FEMA SID number. This number is required to create your RDPC account and to complete your registration for this course.

All courses offered through RDPC are certified by the Department of Homeland Security (DHS) and the Federal Emergency Management Agency. All are funded by DHS and offered to the emergency services tuition-free.

(Source: RDPC)

Cyber Incident Assistance

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information

StopRansomware.gov

CISA's Known Exploited Vulnerabilities Catalog

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

United States and Ukraine expand cooperation on cybersecurity

CISA and the Ukrainian State Service of Special Communications and Information Protection of Ukraine (SSSCIP) signed a Memorandum of Cooperation (MOC) this week to strengthen collaboration on shared cybersecurity priorities.

The MOC expands upon CISA’s existing relationship with the Government of Ukraine in the areas of: 

• Information exchanges and sharing of best practices on cyber incidents.
• Critical infrastructure security technical exchanges.
• Cybersecurity training and joint exercises.

(Source: CISA)

CISA releases Log4Shell-related MAR

From May through June 2022, CISA responded to an organization that was compromised by an exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis Report of the findings.

Users and administrators are encouraged to review MAR 10386789-1.v1 for more information.

(Source: CISA)

Why whole-of-state cybersecurity is the way forward

U.S. State, Local, Tribal, and Territorial (SLTT) government organizations suffered their fair share of ransomware attacks in 2021. These ransomware attacks are one of several challenges that has led to many in the industry advocating for a whole-of-state cybersecurity approach. It's a methodology where SLTT leaders work together to increase the availability of their cybersecurity resources and facilitate the sharing of information throughout the community.

Whole-of-state cybersecurity is gaining in popularity for a few reasons. One factor is that this methodology acknowledges shared cyber risks between organizations in the same industry. Another is reduced duplication of work and effort.

(Source: Center for Internet Security)

Average data breach costs hit a record $4.4 million, report says

The average cost of a data breach rose to $4.4 million this year, according to a new report from IBM Security. More than half of the companies surveyed for the report admitted to passing on those higher costs to customers in the form of higher prices.

The annual report is based on an analysis of data breaches experienced by 550 organizations around the world between March 2021 and March 2022. The cost estimates are based on both immediate and longer-term expenses.

(Source: CNET)

Web Application Attacks in Healthcare

This Threat Brief from the Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) includes a background on web applications, explanation of a web application attack, impacts to the health sector, mitigation options, and free or low-cost resources for the Health Sector.

(Source: HHS HC3)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.