|
Volume 23 — Issue 40 | October 5, 2023 |
|
|
Ground ambulance crashes remain one of the leading causes of death on the job among emergency medical services (EMS) personnel. The National Highway Traffic Safety Administration (NHTSA) Office of Emergency Medical Services (OEMS) recently published an analysis of ground ambulance crash data from 2012 to 2018, along with a presentation and infographic summarizing its findings.
This 2023 analysis expands on the initial study on ambulance crash data from 1992-2011 that was published in 2014. The analysis draws from data within several national crash databases and NHTSA’s Special Crash Investigation (SCI) reports for ambulance-involved crashes.
These new materials, now available on EMS.gov, provide an in-depth look at the latest data and recommendations to improve ground ambulance safety. The following are some notable findings from the analysis:
- Of the individuals killed in 173 fatal crashes between 2012 and 2018, 40.2% were occupants of the ambulance, 52.3% were occupants of other vehicles involved in the crash, and 7.5% were non-occupants (e.g., pedestrians, bicyclists).
- Overall, 45.7% of the fatal crashes occurred during emergency use of the ambulance and 28% occurred when lights and sirens were active.
- Almost all (92.6%) of the 27 SCI crashes reviewed involved ambulance operator/driver error.
An additional key finding in the 27 SCI reports was lack of proper restraint use in the cabin by both clinicians and patients:
- Only 8.8% of clinicians were properly restrained.
- While 95.7% of patients were restrained in some manner, only 17.4% of the patients were properly restrained using both lateral belts and shoulder harnesses.
The analysis suggests four priority areas to improve ground ambulance safety: (1) strengthen organizational safety polices; (2) reduce operator error through training; (3) create a culture of safety; (4) adopt new vehicle safety designs or technologies. The report discusses each of these areas, with specific recommended countermeasures, additional guidance, and resources for implementation.
Access the report, presentation, and infographic on EMS.gov, within NHTSA OEMS’ Safety Resources collection.
(Source: NHTSA)
|
|
|
This October marks the 20th annual Cybersecurity Awareness Month. This year, the Cybersecurity and Infrastructure Security Agency (CISA) is focusing on strengthening basic cyber hygiene behaviors.
During a keynote speech on Sept. 26 unveiling CISA’s public service announcement for its enduring Secure Our World campaign, CISA’s Director made a powerful case for strong basic cyber hygiene practices with the following points:
Each week in October, CISA’s Secure our World campaign will spotlight one of the four key behaviors that everyone can take to stay safe online: use strong passwords and a password manager; use multifactor authentication (MFA); recognize and report phishing; and update software. For each of these basic cyber hygiene behaviors, CISA will hold a webinar each week. CISA has also created a toolkit, tip sheets, and short animated videos on its YouTube channel for easy sharing of this essential educational material.
While all individuals and businesses need to protect themselves with these basic cyber hygiene habits, emergency services agencies are part of the nation’s critical infrastructure and have even more at stake. The Emergency Services Sector (ESS) has become increasingly dependent on a variety of cyber-related assets and systems to fulfill its missions. The ESS needs additional defenses for its evolving emergency communications infrastructure and other mission-critical data.
Many emergency services agencies are part of state, local, tribal, and territorial (SLTT) government. For these agencies, the Multi-State Information Sharing and Analysis Center (MS-ISAC) can help. Membership in the MS-ISAC is open to employees or representatives from all 50 states, the District of Columbia, U.S. Territories, local and tribal governments, public educational institutions, authorities, and any other non-federal public entity in the United States. Membership is always free and voluntary. MS-ISAC offers its members a suite of free services including incident response and remediation support through a team of security experts. MS-ISAC develops tactical, strategic, and operational intelligence, and advisories that offer actionable information for improving cyber maturity. Visit MS-ISAC’s website to learn more about how to join.
Because emergency communications infrastructure and sensitive data are some of the most critical assets for the Emergency Services Sector, Motorola Solutions launched its Public Safety Threat Alliance (PSTA) in 2022. The PSTA is a CISA-recognized information sharing and analysis organization (ISAO) that offers dedicated information and intelligence-sharing to protect against cyber threats to public safety, which are growing in scale and complexity. The PSTA is focused on a wide range of cyber threats to public safety, including threats to critical communications platforms such as land mobile radio (LMR), 9-1-1 call handling, computer-aided dispatch (CAD), and other law enforcement systems and networks. Membership in the PSTA is free to all public safety agencies. Organizations can learn more and register for membership at https://motorolasolutions.com/psta.
(Sources: CISA, MS-ISAC, Motorola Solutions)
On Sept. 29, the Department of Transportation (DOT), Pipeline and Hazardous Materials Safety Administration (PHMSA) announced the award of over $30 million in fiscal year 2023 hazardous materials grant funding to states, territories, tribes, and non-profits. This grant funding will support first responders and strengthen local efforts to respond to hazardous materials incidents. The funding is allocated through six of PHMSA’s hazardous materials grant programs. With the announcement, PHMSA has posted its FY 2023 Hazardous Materials Grants Report, which describes each of the six hazardous materials grant programs and lists all grant recipients and award amounts for fiscal year 2023.
Earlier in September, PHMSA announced $14.8 million in grant awards through five of its pipeline safety grant programs. The pipeline safety grant programs primarily support pipeline owners, operators, and researchers rather than state, local, tribal, and territorial emergency responders. However, one of these five programs, the Pipeline Emergency Response Grant (PERG) supports responder training and community involvement in pipeline emergency response preparedness and response efforts, particularly in high consequence areas. This year, $5.8 million was awarded through PERG to support incident response activities related to the transportation of gas or hazardous liquids by pipelines. With the Sept. 19 announcement, PHMSA posted its Pipeline Safety Grants FY2023 report, listing all pipeline safety grant recipients and award amounts for this year.
Learn more about PHMSA’s grant programs that support emergency responders, and this year’s awards for PHMSA’s hazardous materials and pipeline safety grants on PHMSA’s website.
(Source: PHMSA)
What would you do if your public safety agency’s official social media accounts got hacked? How would you let your community know? How would you get control back? And what can you do to prevent it?
The Justice Clearinghouse is offering a free webinar on Thursday, Nov. 2, from 1:00 to 2:15 p.m. EDT, Surviving a Social Media Hack. This webinar will feature a presenter whose agency experienced a large-scale, international hack of their Facebook page. You’ll learn about prevention strategies, key contacts at social media platforms, informing your followers, recovery plans and more.
The Justice Clearinghouse takes an inter-disciplinary approach to understanding and resolving the challenges affecting the justice and public safety arena. It has created a learning-on-demand, just-in-time, peer-to-peer professional development environment for all justice professionals.
Visit the Justice Clearinghouse website to learn more and register for this webinar. See Justice Clearinghouse’s webinar schedule to learn more about its upcoming webinars for law enforcement professionals.
(Source: Justice Clearinghouse)
|
|
CISA: Empowering a secure future - Recap of the first Cyber Resilient 911 symposium
In a world where technology evolves rapidly, ensuring the security and resilience of our nation’s Emergency Communications Centers (ECCs) is of paramount importance.
CISA held its inaugural Cyber Resilient 911 (CR911) symposium on September 19-20, 2023, in Herndon, Virginia. The symposium was hosted by CISA’s Emergency Communications Division (ECD), in partnership with the Federal Communications Commission (FCC), the National Highway Traffic Safety Administration (NHTSA), and the National Telecommunications & Information Administration (NTIA).
The CR911 program is an initiative dedicated to addressing operational cybersecurity challenges faced by ECCs at various levels, including federal, state, local, tribal, and territorial (FSLTT). As ECCs transition to Next Generation 911 (NG911) from legacy systems, they are exposed to a range of potential cybersecurity risks.
This collaborative event gathered 911 stakeholders from CISA regions 1, 2 and 3 (Northeast region) to discuss the cyber threat landscape and to explore available tools, frameworks, and solutions.
CISA is committed to hosting a series of interactive regional symposiums across the United States through 2024. These symposiums will be tailored to address the specific needs of the 911 community, promoting dialogue and collaboration between FSLTT stakeholders.
Read CISA’s blog recapping the Cyber Resilient 911 symposium to learn more about CISA’s plans for the CR911 program.
(Source: CISA)
|
|
CISA and NSA release new guidance on identity and access management
On Oct. 4, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems.
This publication, which follows ESF's Identity and Access Management Recommended Best Practices Guide for Administrators, assesses and addresses challenges developers and technology manufacturers face in identity and access management (IAM). The guidance specifically addresses technology gaps that limit the adoption and secure employment of multifactor authentication (MFA) and single sign-on (SSO) technologies within organizations.
Although the publication primarily addresses challenges facing large organizations, it also provides recommendations applicable to smaller organizations. CISA encourages cybersecurity defenders to review this guidance and to speak to their software vendors about implementing its recommendations.
(Source: CISA)
MS-ISAC: 2022 National Cybersecurity Review - SLTTs excel in recovery planning and mitigation
The MS-ISAC has released its National Cybersecurity Review (NCSR) for 2022. The NCSR is an annual, no-cost, and anonymous self-assessment that SLTT governments can use to measure gaps and capabilities in their cybersecurity program. A total of 3,681 SLTT government organizations participated in the 2022 NCSR.
The 2022 NCSR showed that SLTT agencies excelled in areas such as identity and access management, maintaining inventories of physical devices and systems, protecting physical assets, managing remote access, and protecting network integrity.
The SLTT community showed deficiencies in capabilities related to testing response and recovery plans, verifying hardware integrity, separating development and testing from production environments, and implementing system development life cycles and vulnerability management plans.
See the MS-ISAC’s blog for a detailed overview of the 2022 NCSR findings.
(Source: MS-ISAC)
FDA cyber mandates for medical devices goes into effect
New regulations that went into effect on Sunday, Oct. 1, aim to make it more difficult to hack into medical devices by requiring vendors to beef up the security features of things like pacemakers and insulin pumps before they make it onto the market.
The new rules empower the Food and Drug Administration (FDA) to “refuse to accept” devices that don’t meet the agency’s cybersecurity guidelines, giving the agency a blunt tool to decrease the risk of vulnerable medical devices making it into the hands of consumers.
The change in the FDA regulatory regime comes amid a push by the Biden administration to sharpen cybersecurity regulations. The administration is pushing the manufacturers of products to take on greater responsibility for their cybersecurity. The FDA’s regulations for medical devices are at the forefront of that effort.
(Source: Cyberscoop)
Ransomware group demands $51 million from Johnson Controls after cyberattack
Johnson Controls, a multinational conglomerate that secures industrial control systems, security equipment, fire safety and air conditioning systems, has been hit by a massive cyberattack.
The company, which employs over 100,000 people around the world, suffered a ransomware attack over the weekend which left data encrypted and caused it to shut down sections of its IT infrastructure. The Dark Angels ransomware group has claimed responsibility for the attack and claims to have exfiltrated over 25 TB of data from the organization. The threat? If a whopping $51 million ransom is not paid, Dark Angels say that the stolen data will be published on the "Dunghill Leaks" site.
In an SEC filing, Johnson Controls confirmed that it had "experienced disruptions in portions of its internal IT infrastructure and applications" as a result of the ransomware attack.
(Source: Bitdefender)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
