Emergency Preparedness

NYSHFA | NYSCAL will continue to keep you informed before, during and after a regional or statewide emergency or disaster.  Please visit this site regularly to stay up-to-date on the most current information available.

Notices:

December 13 – 15

Emergency Preparedness » Weather Storm Watch/Warning. See PDF links below for specifics.

• National Weather Service 1
• National Weather Service 2
• National Weather Service 3
• National Weather Service 4

Health & Medical Preparedness Actions/Recommendations

We ask our Health and Medical ESF partners to review their emergency plans and prepare for potential impacts, including ensuring that adequate staffing is in place throughout the event. Agencies should be communicating with their staff, partners, suppliers and clients about the forecast weather and how it may affect operations/travel. 

Stay Informed

• Call 311
• Sign up for Notify NYC: https://a858-nycnotify.nyc.gov/notifynyc/
• Visit NWS website: http://www.weather.gov/okx/
• eFINDS Mobile-ReleaseNotes-3.1 January 2019
• Surveyor-Tool Simplified
• State Operations Manual – Appendix Z Emergency Preparedness

NYS Department of Health Emergency Preparedness

ASSISTED LIVING EP REGULATIONS:

• AH: Disaster and Emergency Planning
• EHP: Disaster and Emergency Procedures
• ALR/SNALR/EALR: Disaster and Emergency Planning

SKILLED LIVING EP REGULATIONS:

• https://www.health.ny.gov/environmental/emergency/
• https://www.health.ny.gov/environmental/emergency/health_care_providers/

Agencies/Contact Information:

Workplace Violence

Violence in the workplace can range from a bomb threat to being physically attacked by a fellow employee or patient to being verbally abused or harassed by a boss or coworker. The following resources provide information on how to deal with violence in your workplace.

Workplace Violence Resources

Active Shooter

If an armed gunman enters your facility and started shooting, you have no time to learn how to deal with the situation. The resources listed below will help you plan and prepare so you will know what to do if an active shooter enters your facility.

Active Shooter Resources

Cyber Alert

Several federal agencies have identified that the actor known as Sandworm or Voodoo Bear is using a new malware, referred to here as Cyclops Blink. This advisory summarizes the VPNFilter malware it replaces, and provides more detail on Cyclops Blink, as well as the associated tactics, techniques and procedures (TTPs) used by Sandworm

NYSDOH wanted to alert IT staff to make sure there is no impact on medical devices:

• New Sandworm Malware Cyclops Blink Replaces VPNFilter | CISA
• NYSDOH_Cybersecurity_Reporting_Procedure.2020.11.2

 

CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Recommended actions include:

Reduce the likelihood of a damaging cyber intrusion

• Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
• Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
• Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
• If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
• Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.

Take steps to quickly detect a potential intrusion

• Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
• Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
• If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.

Ensure that the organization is prepared to respond if an intrusion occurs

• Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
• Assure availability of key personnel; identify means to provide surge support for responding to an incident.
• Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize the organization’s resilience to a destructive cyber incident

• Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
• If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience. In addition, while recent cyber incidents have not been attributed to specific actors, CISA urges cybersecurity/IT personnel at every organization to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. CISA also recommends organizations visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.

Resources

Natural Disasters & Severe Weather

Fires, earthquakes, floods, hurricanes, tornadoes and extreme heat and cold can all wreak havoc on the physical structure of your facility and the safety of residents and patients. These resources can help you cope and keep those under your care safe and secure.

Natural Disasters & Weather Resources