Skip Navigation
CEPAR LOGOCEPAR Title

CEPAR HOME 


ABOUT CEPAR 


OUR WORK - DISASTER PLANNING APPS 


THREAT LEVELS 


THREAT INFORMATION RESOURCES 


HOPKINS GO TEAM 


EDUCATION & TRAINING 


NEWS OF INTEREST 


RELATED SITES 


ARTICLES, PAPERS & POLICY STATEMENTS 


Intranet Login
 

CEPAR
Johns Hopkins University
5801 Smith Avenue
Davis Building · Suite 3220
Baltimore, MD 21209
Phone: 410.735.6450
Fax: 410.735.6440
Directions to CEPAR (PDF)

Support CEPAR

See more in:


When Cyberattacks Happen


Ensuring the safety of our information technology infrastructure is an important aspect of daily operations around Johns Hopkins. But what if a cyberattack happens? According to Darren Lacey, the chief information security officer and director of IT compliance for The Johns Hopkins University and Johns Hopkins Medicine, his staff investigates 20 to 30 incidents a day. To keep our network safe, he says his team constantly tests our environment to determine vulnerabilities.

In a continued effort to prepare for cyberattacks, cyber security was the focus of a recent workshop hosted by the Johns Hopkins Medicine Office of Emergency Management and CEPAR. The purpose of the workshop was to determine how to maintain patient care, infrastructure operations and administrative functions if a cyberattack affects one or all organizations that are part of Johns Hopkins Medicine. Emergency planners and IT representatives were in attendance.

At the workshop, both emergency planners and IT representatives brought analyses summarizing strengths, weakness, opportunities and threats to identify best practices across Johns Hopkins Medicine and highlight the uniqueness of their operations in developing a tiered response based on the extent of the cyberattack. Representatives from Information Security also provided an orientation on how emergency planners and IT should respond to a potential attack, and when response and recovery procedures should be implemented to maintain business continuity and continue seeing new patients.

After the workshop, Howard Gwon, senior director of emergency management for Johns Hopkins Medicine, created a template to develop and standardize response procedures across Johns Hopkins Medicine and provided lessons learned from a recent cyberattack affecting MedStar Health. Gabe Kelen, M.D., director of CEPAR, reviewed and endorsed the template as a tool to develop policy.   

The Office of Emergency Management and CEPAR are in the process of reviewing draft procedures relating to potential cyberattacks. Emergency planners and IT specialists are also continuing to work with clinical informatics departments to develop simulation exercises so employees know the proper procedures to follow if such an event occurs. In addition, Johns Hopkins Medicine organizations and CEPAR will conduct exercises in the coming year designed to test hospital continuity of operations and response coordination resulting from a potential information technology failure.