NY State EP Alert 6.24.2025|Cybersecurity Threat
The Department of Health (DOH/the Department) is notifying health care providers about a likely increased risk of cyberattacks and high threat activity against the critical infrastructure of the United States. HCP extends this awareness to our non-provider members as well. In addition to the systems guidance below, DOH suggests organizations tighten physical security against breaches.
HCP joins the Department in urging home care providers to remain on high alert and monitor systems with increased vigor. Review your emergency management plan for cyber-related hazards to better respond to and report any cybersecurity incidents or threats. Ensure organization-wide awareness of these threats as well as staff understanding of your agency’s response plan generally, and cybersecurity incident response plan specifically.
Cybersecurity attack techniques include, but are not limited to distributed denial of service (DDoS), ransomware, and website defacement. Be sure all departments have appropriate backups of data and critical operating systems. Secure your systems against attacks by eliminating connections to public internet, securing remote access to your networks, and changing default passwords to strong, unique ones.
Reporting Requirement
See Dear Administrator Letter (DAL) HCBS 24-07 for instructions regarding home care agencies’ requirement to report any cybersecurity incident that is “likely to have a material adverse impact on operations or results in the deployment of ransomware within a material part of the facility’s or provider’s information systems.”
The report must be made to DOH “as soon as practicable” by calling the Surge Operations Center at (917) 909-2676. The Center will forward your contact information and current incident status to the appropriate department for further action.