When you think of a power outage happening to you or your business, you probably think of an outage lasting a few hours. Not the case with the recent massive power outage experienced in Moore County NC recently. So, that begs the question, do you have a response plan for experiencing a power outage lasting a week or more? You should.
In this episode:
Check Your Power Outage Plans – Ep 386
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity.
The Privacy and Security Boot Camp
3.5 day In Person Event
Mar 12, 13, 14 and 15, 2023
PriSecBootCamp.com
Great idea! Share Help Me With HIPAA with one person this week!
Learn about offerings from the Kardon Club
and HIPAA for MSPs!
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!
HIPAA Say What!?!
[04:56] A security risk analysis (SRA) is required. We have discussed that several times. For each risk analysis, you should have a risk management plan to address the findings of the SRA. Another thing to consider is making sure the risks you identified are covered in your incident response plans. When making those plans, resist allowing yourself to use any “it won’t happen to us/me” assumptions. Things like a regional power outage for several days without a natural disaster are real considerations.This episode explains why that point is our Say What for today.
405(d) Tip of the Week
[11:23] New newsletter out for Dec loaded with interesting information, as always. The 405(d) Post, Volume XVIIIDon’t let the title of the main article intimidate you. If you deal with trying to secure any medical devices you really need to check out the article. The work done by the HSCC on model contract language for the security of those devices could be very helpful.
Model Contract-Language for Medtech Cybersecurity (MC2) – Health Sector Council
Check Your Power Outage Plans
[13:49] So many times we reviewed our threat catalog with clients and they would rate everything as a low likelihood. So low, in fact, they felt they shouldn’t worry about making a plan to deal with the case. Since 2020, we have started seeing some changes in those attitudes. Yes, we had a pandemic on our threat list but it was not taken as a serious risk even though many epidemiologists had warned for years that it was just a matter of time before a global pandemic would impact us all.Now, here we are in another Flu/RSV/COVID season in full swing with many people needing breathing treatments and urgent care clinics are packed without any other problem happening. That’s on top of all the other care our communities need on any other normal day. The weather is pretty dreary and definitely cold in many parts of the country. And all the normal end of year business and personal activities has everyone running ragged. Image dealing with some big problem right now. Several communities in the Moore County NC area have all of that made much worse with a power grid that has been attacked.
On Sat, Dec 3 around 7pm, two substations were disabled by a gunfire attack. While the cause of the situation remains to be seen the impact is being seen right now as we record this. It isn’t a problem that can easily be fixed any time soon either.
The community is dealing with the fall out from the attack as best they can.
The county declared a state of emergency: Moore County Declares State of Emergency Massive Power Outage Due to Criminal Activity
- A curfew is in place 9pm to 5am.
- All traffic lights are out.
- Stores are closed.
- Restaurants are closed.
- Schools are closed.
- All public services are closed. That includes garbage pickup that has been shut down.
- The Red Cross has opened some shelters but certainly not enough for the nearly 40K people without power.
- Cell coverage is very limited which means internet coverage is also limited.
- You can charge devices at some fire stations but only during certain hours.
What is happening with healthcare though? What kinds of things do you wish you had planned if this were happening to you right now?
The big healthcare system in the error published a public statement EMERGENCY RESPONSE: MOORE COUNTY POWER OUTAGE – FirstHealth of the Carolinas
Excellent news is they are up and running at the regional hospital:
While that is good news the clinics they operate for primary care and all other specialties are closed until power is restored. They are also postponing certain elective procedures. Urgent and emergency surgeries and procedures will be handled as needed.
They do have urgent care clinics in areas outside the power outage to go to. That is GREAT news unless you are one of those clinics.
[28:28] If you are a HDO:- How do you communicate with your team, your patients, your partners just to let them know what is happening?
- How will you do it for a whole week where batteries are going dead regularly and internet access is limited, at best?
- What about making sure your staff is doing ok themselves?
- What about patients who need oxygen at home?
- What about the packed waiting room you just had and knowing you can expect another one – if you were open?
- If the hospital has generators, like FirstHealth does at one location, are you going to go help them out there? How can you communicate with them?
- What perishables are stored at your office. Smelly tuna sandwiches is one thing but expensive medications and lab tests are a much bigger concern. How will you replace them quickly if you can’t save them?
- What about patients who have medication like insulin that must be kept refrigerated? Have you taught them what to do?
- If you are closed, how will you handle your staff who can’t work for a week right before the holidays?
- Are your clients trying to care for patients? How will you communicate with them to find out?
- How will you communicate with your team? Assuming you will have some in the “zone” and some outside it how can you leverage that?
- What kind of equipment can you use to help your clients who need to care for their patients? Mobile hotspots? Extra backup batteries?
- All of these servers, devices, and more coming back online after a direct hit to the power supply will require someone handling help desk calls galore. In theory, it shouldn’t but let’s work in reality here for our planning.
- All your projects planned for the weekend and this week have been tossed out the window. How will you get those rescheduled?
We often worry about cyber attacks here but, especially the way things seem to be going, we need to worry about those environmental things that can be triggered when people do unthinkable things for reasons we may never understand. This is an attack on our critical infrastructure which includes healthcare, power, water, emergency services and much more. There is a reason they are considered critical infrastructure is the huge impact their loss has on our communities as a whole.
The power outage is devastating for the Moore County residents. It’s likely most folks thought something like this would never happen to them, until it did. We always recommend learning from others’ mistakes or circumstances. So, use this as an opportunity to imagine it’s happening to you and take the time to put together a plan now. We will likely see someone else try something similar.
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance,
it’s about patient care.TM
Special thanks to our sponsors Security First IT and Kardon.
