|
Volume 24 — Issue 50 | December 19, 2024 |
|
|
Please note: The InfoGram will not be published on Dec. 26 or Jan. 2 due to the federal holidays. The next InfoGram will be published on Thursday, Jan. 9, 2025.
Last week, the National Institute for Occupational Safety and Health (NIOSH) released a Line of Duty Death (LODD) Report, Volunteer Firefighter Killed after Becoming Trapped at an Assisted Living Facility Fire and Two Firefighters Injured – New York.
This firefighter fatality investigation is the first one NIOSH has conducted involving an assisted living facility. Firefighters faced significant challenges at this incident. The report contains many helpful takeaways for the fire service.
The report distills 17 recommendations for the fire service from the investigation’s findings. Recommendations #13 and #14 are highlighted here because they illustrate two elements of the Fire Service National Strategy (National Strategy) - Mental Health and Codes/Standards – and why addressing these elements is so important for firefighter safety and well-being.
Mental health. Response to this incident lasted over 40 hours and included 25 of the 26 fire departments in the county, a state urban search and rescue (USAR) team, and out-of-state resources. Several Maydays were called. Search and rescue teams did not find the firefighter who died at this incident (Tanker 17D) until more than 23 hours after the incident began. According to interviews conducted by the NIOSH investigators, many of the responding firefighters refused to leave the incident scene when requested to clear by Command. These firefighters elected to stay on-scene to assist in the meticulous search and remained until Tanker 17D was recovered.
After termination of the incident, a critical incident stress management response was activated to provide mental health resources and services to the firefighters and other first responders involved. Many firefighters reported using these resources to address initial and ongoing mental health-related symptoms related to this incident.
NIOSH Recommendation #13 is to “Consider maintaining resources and protocols to address occupational exposure to potentially traumatic events for their members.” The 2024 U.S. Fire Administrator’s Summit on Fire Prevention and Control reaffirmed that one of the most critical issues facing the fire service is mental health and well-being. The 2024 Summit’s Mental Health and Wellbeing Workgroup discussed the Mental Health element of the National Strategy, including a national research agenda and recommended actions to “provide comprehensive mental health and wellbeing resources, including those focused on suicide prevention, for all Fire and EMS personnel.”
Codes/Standards. There were several recommendations related to codes and standards for this incident. One issue that directly impacted firefighters’ safety was that ordinary window glass had been replaced with plexiglass, hampering response to the Maydays. Multiple additions and renovations had been undertaken at the assisted living facility using various building construction materials. However, records of these renovations and the original building construction were limited or non-existent.
The Codes and Standards element of the National Strategy is to “create safer communities by implementing and enforcing codes and standards, especially in the wildland-urban interface and for underserved and vulnerable populations by providing affordable and fire-safe housing.”
NIOSH Recommendation #14 is to “ensure that when the applicable fire code is not enforced by the fire department, the delegated authority shares information with the fire department which may affect fire department operations.”
The report and associated slide presentation are available in NIOSH’s collection, Fire Fighter Fatality Investigation and Prevention Program Reports.
(Sources: NIOSH, USFA)
|
|
|
The Substance Abuse and Mental Health Services Administration (SAMHSA) released a Practical Guide, Advising People on Using 988 Versus 911: Practical Approaches for Healthcare Providers.
The guide provides practical strategies for healthcare providers to help people understand when to use the 988 Suicide & Crisis Lifeline for behavioral health support and 911 for physical emergencies.
Both healthcare providers and patients have experienced confusion in deciding whether 988 or 911 is appropriate across a range of situations. Understanding the differences between 988 and 911 and being able to communicate these differences to patients in ways that address their needs and concerns and respect their desired outcomes can help support effective crisis management.
This Practical Guide encourages and supports primary care, behavioral health, and emergency medical services (EMS) providers to integrate crisis care discussions into routine practice. Through intentional, informative conversations with patients about crisis care and the appropriate use of 988 and 911, providers can assess their patients more holistically and educate them and their trusted networks about available crisis care options.
To support these conversations in daily practice, this guide provides practical steps and real-world scenarios. Both are grounded in research emphasizing the importance of early intervention and clear communication in improving crisis outcomes and reducing reliance on emergency response systems. The guide includes sample crisis intervention scripts, grounding exercises, and deep breathing techniques to support crisis de-escalation.
Access the new Practical Guide at SAMHSA.gov.
(Source: SAMHSA)
The Federal Emergency Management Agency’s (FEMA’s) Building Science Disaster Support (BSDS) team recently released four recovery advisories following the unprecedented wildfires in Maui, Hawaiʻi. The BSDS Program sent experts to assess the performance of buildings and structures after the disaster, and the advisories are based on their observations of the impact of wildfires.
Wildfire Recovery Resources for Maui (Maui Wildfires Recovery Advisory #1): This is a current list of resources available at the one-year anniversary mark of the Maui wildfires. Homeowners, business owners, public officials, as well as design and construction professionals can benefit from using the following wildfire resources in recovery efforts.
Reducing Wildfire Risk to Your Home (Maui Wildfires Recovery Advisory #2): This Recovery Advisory is a detailed infographic on ways to reduce wildfire risk to your home through defensible space and a building’s exterior.
Designing New Residential Structures to Decrease Wildfire Risk (Maui Wildfires Recovery Advisory #3): This Recovery Advisory is focused on one- and two-family dwellings. It presents important fire safety recommendations for design professionals, including architects, engineers, installation professionals and contractors to reduce the likelihood of ignition and structure-to-structure fire spread in single family homes during a wildfire, where building setbacks and defensible space may be limited.
Fire-Resistant Materials and Assemblies (Maui Wildfires Recovery Advisory #4): This Recovery Advisory aims to provide a list of materials that can withstand higher exposure and help slow the spread of fire, but it is important to remember that fire-resistant does not mean fire-proof.
The Recovery Advisories are available in FEMA’s Building Science Resource Library.
(Source: FEMA)
The U.S. Department of Health and Human Services (HHS) Administration for Strategic Preparedness and Response, Technical Resources, Assistance Center, and Information Exchange (ASPR TRACIE) will host a webinar on Wednesday, Jan. 15, 2025, from 1:30-2:30 p.m. EST: Crisis Standards of Care: Insights from COVID-19 and Recent Pharmaceutical Supply Challenges.
In this webinar, ASPR TRACIE’s expert panel will provide insights on creating a robust framework that can handle both daily operational issues and large-scale emergencies. Topics will include recognizing when your healthcare facility or system is operating under crisis standards of care and indicators that signal this transition, considerations for effectively managing care to ensure ethical and efficient decision-making, and lessons learned from staffing and supply challenges associated with the COVID-19 pandemic and other critical incidents.
See ASPR TRACIE’s webinar announcement to learn more about the panelists and how to register. Registration is limited to the first 1,000 participants.
(Source: ASPR TRACIE)
|
|
CISA updates toolkit with seven new resources to promote public safety communications and cyber resiliency
The Cybersecurity and Infrastructure Security Agency (CISA) collaborates with public safety, national security, and emergency preparedness communities to enhance seamless and secure communications to keep America safe, secure, and resilient. Any interruption in communications can have a cascading effect, impacting a public safety agency’s ability to deliver critical lifesaving services to the community. Therefore, public safety agencies carefully plan, implement, and review communications capabilities for resiliency to maintain daily communications capabilities and prepare in advance for emergency events.
CISA created the Public Safety Communications and Cyber Resiliency Toolkit to identify and address emergent trends and issues, consolidate resources, educate stakeholders at all levels of government, and propose mitigations to enable resilient public safety communications.
Users are encouraged to revisit the Toolkit on a regular basis to take advantage of recently added information and resources. Check out the updates at https://www.cisa.gov/publication/communications-resiliency.
(Source: CISA)
CISA releases best practice guidance for mobile communications
On Dec. 18, CISA released Mobile Communications Best Practice Guidance. The guidance was crafted in response to identified cyber espionage activity by People’s Republic of China (PRC) government-affiliated threat actors targeting commercial telecommunications infrastructure, specifically addressing “highly targeted” individuals who are in senior government or senior political positions and likely to possess information of interest to these threat actors.
Highly targeted individuals should assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation.
CISA strongly urges highly targeted individuals to immediately review and apply the best practices provided in the guidance to protect mobile communications, including consistent use of end-to-end encryption.
(Source: CISA)
|
|
CISA and ONCD release Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure
On Dec. 17, CISA and the Office of the National Cyber Director (ONCD) published Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure to assist grant-making agencies to incorporate cybersecurity into their grant programs and assist grant-recipients to build cyber resilience into their grant-funded infrastructure projects.
This guide is for federal grant program managers, critical infrastructure owners and operators, and organizations such as state, local, tribal, and territorial governments who subaward grant program funds, and grant program recipients.
(Source: CISA)
CISA publishes draft National Cyber Incident Response Plan for public comment
CISA published the draft National Cyber Incident Response Plan (NCIRP) Update on Dec. 16 for public comment on the Federal Register. Through the Joint Cyber Defense Collaborative (JCDC) and in close coordination with the Office of the National Cyber Director (ONCD), this update addresses significant changes in policy and cyber operations since NCIRP was released in 2016.
The NCIRP is the nation’s strategic framework for coordinated response to cyber incidents along four lines of effort: Asset Response, Threat Response, Intelligence Support, and Affected Entity Response. It includes coordination mechanisms, key decision points, and priority activities across the cyber incident response lifecycle. The NCIRP also identifies structures that response stakeholders should leverage to coordinate cyber incidents requiring cross-sector, public-private, or federal coordination; however, it is not meant to be a step-by-step instruction manual.
Public comments can be posted on the Federal Register, CISA-2024-0037. The public comment period will close on January 15, 2025.
(Source: CISA)
Nebraska AG sues Change Healthcare, UnitedHealth for data theft after ransomware attack
Nebraska’s Attorney General has filed a lawsuit against Change Healthcare accusing the company of exposing the sensitive healthcare information of state residents and leaving healthcare providers unable to provide care following a ransomware attack in February.
The 29-page filing alleges violations of Nebraska’s consumer protection and data security laws and says Change Healthcare — which is owned by UnitedHealth Group (UHG) — failed to implement proper security measures that exacerbated the data breach, disrupting critical healthcare services across the state.
The cyberattack on Change Healthcare is one of the most consequential ransomware attacks in U.S. history, exposing the sensitive healthcare information of about 100 million Americans and paralyzing the country’s healthcare industry for weeks.
(Source: The Record)
Ascension: Health data of 5.6 million stolen in ransomware attack
Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.
The health network reported a total revenue of $28.3 billion in 2023 and operates 140 hospitals and 40 senior care facilities across the United States.
Ascension says it notified law enforcement and government partners, such as CISA and the FBI, of the breach after detecting the May 8 attack. After the incident, Ascension revealed that the ransomware breach was caused by an employee who downloaded a malicious file onto a company device. However, it believes this was likely an "honest mistake," given that the employee thought they were downloading a legitimate file.
Following the incident, Ascension employees had to keep track of procedures and medications on paper, as they could no longer access patients' electronic records. The company also had to pause some non-emergent elective procedures, tests, and appointments and divert emergency medical services to other healthcare units to prevent triage delays.
Since the operation emerged in April 2022, Black Basta has breached the networks of many high-profile victims, including German defense contractor Rheinmetall, outsourcing giant Capita, U.S. government contractor ABB, and the Toronto Public Library.
(Source: Bleeping Computer)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
