December 24 – 30, 2018

Click the read more button to find out this week’s information from Centers for Disease Control and Prevention (CDC), Centers for Medicare and Medicaid Services (CMS), Homeland Security, Federal Emergency Management Agency (FEMA), Assistant Secretary for Preparedness and Response (ASPR), Hospital Preparedness Program (HPP), Assistant Secretary for Preparedness and Response Technical Resources, Assistance Center, and Information Exchange (ASPR TRACIE), Virginia Hospital and Healthcare Association (VHHA), Virginia Department of Health (VDH), Virginia Department of Emergency Management (VDEM), and other miscellaneous sources.

Next Northwest Region Healthcare Coalition Monthly Meeting

Thank you for all you do to care for and protect the health of the patients, residents, and the whole community. We wish you a happy holiday season and a great new year!

The next regional coalition meeting is Thursday January 10th at 10:30 am and this is our quarterly in-person meeting.
We will meet at Harrisonburg Rescue Squad, 1700 Reservoir St, Harrisonburg, VA 22801.

Our normal meeting location, the Rockingham County Fire and Rescue Training rooms, is no longer available because the rooms are being converted to office space. 


Wow! Our website has reached over 1,800 viewers. Let’s keep it going by informing anyone who has an interest in the Regional Coalition and the information we provide.

To access our website click here. Don’t forget to visit the Events calendar as we add several training events without announcing them in the weekly updates.

We have developed a one page understanding of the regional coalition that can be shared between coalition partners. To view the regional “one-pager” please click here.

 Virginia Hospital & Healthcare Association

Virginia Department of Health

2019 Public Health and Healthcare Preparedness Academy

The 2019 Public Health and Healthcare Preparedness Academy will be held on March 19-21,2019 at the Founders Inn in Virginia Beach. The theme this year for the Academy is Responding to 21st Century Emerging Threats.

The Northwest Region will reimburse attendees who are employed by the partners located within the region. For additional information, please contact Matt Cronin, Exercise and Training Specialist, Northwest Region Healthcare Coalition.

The Founders Inn has started accepting reservations for rooms. The link to book a room can be found hereYou may also call 757-366-5700 to book reservations under this group. The Founders Inn and Spa is officially a Hilton Hotel! Our new name is The Founders Inn and Spa, Tapestry Collection by Hilton. If you are Hilton Honors members you can use your  Hilton Honors Points to stay at the hotel. If you are not a member, you  can join here.
Group Name: Virginia Public Health and Healthcare Preparedness Academy
Arrival Date: 18-Mar-2019
Departure Date: 22-Mar-2019
Group code:  VPH

Examples of 21st Century Threats Include:

  • Hurricanes
  • Wildfires
  • Environmental impacts of fracked gas pipelines
  • Civil unrest/terrorism
  • Gun violence
  • Opioid epidemic
  • Emerging biological threats
  • Cybersecurity threats
  • Increasing stress on the social determinants of health (economic insecurity, etc)

 Assistant Secretary for Preparedness and Response


Assistant Secretary for Preparedness and Response Technical Resource,                                                                                                                             Assistance Center, and Information Exchange

Hospital Preparedness Program



Healthcare and Public Health Sector Highlights Cybersecurity Edition

December 21, 2018

1. Update: Malicious Cyber Activity Targeting IT Service Providers

On December 12, 2018, The Department of Homeland Security (DHS) Cybersecurity and Infrastructure and Security Agency (CISA) released information on Chinese government malicious cyber activity targeting global information technology (IT) service providers—such as managed service providers and cloud service providers—and their customers.  A group of Chinese cyber actors associated with the Chinese Ministry of State Security has carried out a campaign of cyber-enabled theft targeting global technology service providers and their customers. An indictment unsealed Thursday, December 20, 2018, accuses the nationals of being members of a hacking group known as APT10, also known as Stone Panda and MenuPass. Over the past four years, these actors have gained access to multiple U.S. and global managed-service and cloud providers and their customers in an effort to steal the intellectual property and sensitive data of companies located in at least 12 countries. These threat actors are actively exploiting trust relationships between information technology (IT) service providers—such as managed service providers and cloud service providers—and their customers.

At this time, all known victims of this activity have been notified by CISA and/or the Federal Bureau of Investigation (FBI). However, because there may be additional victims not yet identified, CISA recommends all IT service providers and their customers follow the recommendations, tools, and actions described in  and take appropriate steps as specified in the guidance for service providers and their customers.

2. HHS Health Sector Cybersecurity Coordination Center Threat Briefings

The HHS Health Sector Cybersecurity Coordination Center (HC3) released the following TLP: white threat intelligence briefing report on:

For questions on the report, contact More information on the Traffic Light Protocol (TLP) designations is available via the US-CERT website

3. HC3 Whitepaper: Emotet

HC3 has released a white paper on Emotet, which is currently one of the more prolific, destructive, and costly malware programs cybercriminals use to target organizations across all sectors. Organizations hit with Emotet can face up to $1 million in recovery costs up to recover from network-wide infections, full network compromises, data breaches, account takeovers (ATO), and cyberespionage activities. At this point Emotet has modules for capturing passwords, sending malicious spam (MALSPAM), and stealing user credentials, as well as modules to fetch and install other malicious payloads, such as ransomware. Emotet is frequently spread through e-mail campaigns, and the US Healthcare and Public Health (HPH) sector faces significant risk from, and is sometimes specifically targeted by, these campaigns. (Link

4. HHS Seeks Public Input on Improving Care Coordination and Reducing Regulatory Burdens of HIPAA Rules

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), issued a Request for Information (RFI) seeking input from the public on how the Health Insurance Portability and Accountability Act (HIPAA) Rules, especially the HIPAA Privacy Rule, could be modified to further the HHS Secretary’s goal of promoting coordinated, value-based healthcare. This RFI is a part of the Regulatory Sprint to Coordinated Care, an initiative led by Deputy Secretary Eric Hargan. (Link)

5. FDA Workshop: Content of Premarket Submission for Management of Cybersecurity in Medical Devices

On January 29-30, 2019, The Food and Drug Administration (FDA)  will hold a public Workshop entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” The purpose of the workshop is to discuss the newly released draft guidance Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. FDA seeks to bring together diverse stakeholders to discuss, in-depth, the draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” and the sub-topic of the draft guidance regarding a Cybersecurity Bill of Materials (CBOM), which can be a critical element in identifying assets, threats, and vulnerabilities.  Register for the event online today

Credit: Centers for Disease Control and Prevention


Credit: Centers for Medicare and Medicaid Services


         U.S. Department of Homeland Security 

Federal Emergency Management Agency


Virginia Department of Emergency Management

1. ICS 300 Intermediate ICS for Expanding Incidents

Dates:             January 9-10, 2019
Time:             8:00 a.m. to 6:00 p.m.
Location:       Madison Fire Station, 1223 North Main ST, Madison, VA 22727

Description: This 18-hour classroom course is designed for front-line personnel with supervisory responsibilities to serve in a command or general staff position. The three-day curriculum includes instruction in general principles associated with incident command, along with various tabletop exercises that allow students to put this knowledge to practical use.

Prerequisites: Applicants must document completion of all of the following prerequisites to be considered for enrollment. Successful completion of accredited versions of: (Required) IS 100 and IS 200 – (recommended) IS 700 and IS 800.

Please email certificates to:

Tamara Del Rosario
Academic Support Technician
Phone: 804-897-9676

Registration:  Registration is OPEN and will remain open until January 4, 2019.  To register, log-in to the Commonwealth of Virginia Learn Center: When searching for this course in the VLC, use this keyword:  ICS 300.  Be sure to select the ICS 300 (11) option from the list.  If you need assistance, please contact the Help Desk at 804-897-9995.

2. L0101 Foundations of Emergency Management

Applications are now being accepted for the upcoming L0101 Foundations of Emergency Management course. This two-week course is the first of five in the EM Basic Academy program. This course is highly recommended for new as well as experienced members of the emergency management community as it provides a comprehensive view of the profession’s core functions, policies, and goals. To this end, this course is required for all VDEM staff. Click here for more information and the application packet. 

Dates: Week 1: February 4-8, 2019

Location: McConnell Public Safety and Transportation Operations Center, 4890 Alliance Drive, Fairfax, VA  22030

Dates: Week 2: March 4-8, 2019

Location: Virginia Department of Emergency Management, 10501 Trade Court, N. Chesterfield, VA 23236

Please submit your completed application by November 16th.  If you have questions, please contact Candice Crockett.

Candice Crockett
Interim Academic Support Coordinator
Training, Education and Exercise Division
Virginia Department of Emergency Management
10501 Trade Court
Richmond, VA 23236
(804) 897-9780 office
(804) 385-7487 cell

3. G556 Damage Assessment Course

Dates: February 27, 2019
Times: 8:00 a.m. to 5:00 p.m.
Location:Zehmer Hall on UVA Grounds (Rooms C/D)
104 Midmont Ln.
Charlottesville, VA 22903

To Register: Click here
Deadline to register is February 22, 2019.
This 1 day course is designed to enable the direction of emergency response personnel and resources to the most appropriate areas and help identify the need for additional resources during an emergency or disaster.

Target Audience: This course is for state and local officials who are responsible for assessing, collecting, and reporting damages during and after any event that causes damage of private, public, and critical infrastructure.
The purpose of this course is to build local capacity for damage assessment by enabling you to develop or refine a damage assessment program for your community. In this course, you will acquire the knowledge and skills needed to be able to conduct efficient and effective damage assessments in order to save lives, protect property and the environment, and to begin the process of recovery and mitigation.

Prerequisite: Recommended FEMA’s Independent Study (IS)
IS-100.b Introduction to the Incident Command System
IS-200.b ICS for Single Resources and Initial Action Incidents
IS-700.a National Incident Management System (NIMS)
IS-800.b National Response Framework
IS-120.a An Introduction to Exercises
IS-130 Exercise Evaluation and Improvement Planning

Registration Instructions: Registration will be done electronically via the Commonwealth of Virginia Learning Center at: Deadline to register is February 22, 2019.
If you need help or have questions, please contact the Help Desk at 804-897-9995, 8-5 M-F or email:

1. Memorandum of Understanding

We are pleased to announce that the Northwest Region Healthcare Coalition has begun receiving requests to sign a Memorandum of Understanding (MOU) between the coalition and non-hospital facilities. The MOU is designed for healthcare facilities that are not classified as an Acute Care or Critical Access hospital, and it is good for five (5) years before it will need to be renewed. If your your organizations resides with the Northwest Region and has not signed the MOU, you can contact either the Regional Coordinator or the Medically Vulnerable Populations Coordinator to find out more details.

We are expanding our outreach to healthcare agencies within the region as a way of offering assistance to you and your organization. We ask for everyone’s help to spread the word by talking with your colleagues about the Northwest Region Healthcare Coalition. You can contact us by clicking the Contact Us tab on our website.

2. How Sentara hospitals used copper to drop infection rates

Copper-infused patient gowns, pillowcases, bed sheets, blankets and towels helped decrease infection rates at six hospitals owned by Norfolk, Va.-based Sentara Healthcare, a study published in the Journal of Hospital Infection found.

The researchers compared healthcare-associated infection rates in six Sentara Healthcare hospitals in three parallel periods before and after replacing regular linens with copper-infused ones.

Using the products by Cupron — a copper-based antimicrobial technology company — significantly decreased occurrences of Clostridium difficile infections and infections caused by multidrug resistant organisms such as Methicillin-resistant Staphylococcus aureus and Vancomycin-resistant Enterococcus, the study found.

“This study of Cupron’s medical textiles alone validates their effectiveness in preventing hospital-acquired infections in a real world clinical setting, along with a robust infection prevention protocol,” Jacque Butler, director of infection control and prevention at Sentara Healthcare, told CBS-affiliated television station WTKR.

Source: Megan Knowles of Becker’s Clinical Leadership & Infection Control

3. EPA announces final rule to set new standards on hazardous waster pharmaceuticals

Get the word out to everyone in your organization who handles hazardous waste pharmaceuticals that soon, flushing or rinsing those drugs down a drain into the sewers will be specifically prohibited by the EPA.

That’s harder. On the easier end, you can tell your nurses that the packaging for a patient’s nicotine patch, gum, or lozenge might soon go straight into the regular trash—as long as it is FDA-approved as an over-the-counter nicotine replacement therapy and your state signs off on the exemption of the packaging as hazardous waste under the federal Resource Conservation and Recovery Act (RCRA).

Those are just some of the changes you can expect in handling hazardous waste pharmaceuticals at your facility or business now that the Environmental Protection Agency has finalized its long-awaited “Management Standards for Hazardous Waste Pharmaceuticals and Amendment to the P075 Listing for Nicotine.”

The rule creates a new subpart P under RCRA that manages hazardous waste pharmaceuticals across a wide array of industries, including hospitals, physician offices, ambulatory care, and other providers who “distribute, sell, or dispense pharmaceuticals, including over-the-counter pharmaceuticals, dietary supplements, homeopathic drugs, or prescription pharmaceuticals,” according to the EPA.

Under the provision, in general, the EPA says hospitals 

  • will no longer have to count hazardous waste pharmaceuticals in calculating generator status (those drugs often sent facilities into large-quantity generator, or LQG, status);
  • can collect and manage hazardous waste pharmaceuticals from satellite facilities as long as they are under the same business umbrella;
  • can accumulate the drugs on site without a RCRA permit for up to 365 days, an increase of 275 days over current regulations;
  • but will have specific basic training requirements associated with those managing hazardous waste pharmaceuticals.

Experts in hazardous waste management in healthcare hailed the ruling as a breakthrough in finally putting a regulatory focus on the need to better control the amount of pharmaceuticals going into the environment while easing up on confusing and often unnecessary restrictions that cost both money and cause aggravation in the healthcare sector.

Another big plus for hospitals in the final rule is that drugs considered controlled substances are no longer considered hazardous waste, erasing concerns about competing regulations between the EPA and the Drug Enforcement Agency.

The rule’s provisions will become effective within six months of its publication in the Federal Register. While the rule has been signed and is expected to be published in the Federal Register before the end of December, there is still the question of when states with their own RCRA-authorized programs will adopt the new regulations.

Source: A.J. Plunkett of Hospital Safety Insider