Skip to content

2023-2024 HCSWPA Cybersecurity Survey

The Capability 3 Workgroup seeks to identify the current cybersecurity measures and vulnerabilities of the HCSWPA member facilities / agencies / organizations.  The information collected in this survey will be used to determine a cybersecurity training and education program developed by the Training & Education Workgroup.

Please identify one individual from your facility / agency / organization to complete this survey.
1.Your Name:
First and Last Name(Required.)
2.Your Email Address:(Required.)
3.Your Role / Title Within Your Facility / Agency / Organization:(Required.)
4.Name of Your Facility / Agency / Organization:(Required.)
5.Facility / Agency / Organization Address:(Required.)
6.Facility / Agency / Organization Type:(Required.)
7.What is the current staff size within your Facility / Agency / Organization?(Required.)
8.Are you familiar with your Facility / Agency / Organization's cybersecurity policies and procedures?
(Required.)
9.Is your IT Department located locally within your Facility / Agency / Organization, or is it managed off-site by a third-party service?
(Required.)
10.Does your Facility / Agency / Organization have a dedicated cybersecurity team or personnel for managing and ensuring cybersecurity measures?
(Required.)
11.What types of sensitive data (e.g., patient records, financial information, etc.) does your Facility / Agency / Organization handle, and how is this information protected?
If your Facility / Agency / Organization does not have sensitive data to manage, please type N/A.(Required.)
12.Are cybersecurity training and awareness programs regularly provided to employees of your Facility / Agency / Organization?  If yes, how often do you participate in such training?

(Required.)
13.Does your Facility / Agency / Organization have a process for identifying and patching security vulnerabilities in software and systems?  If yes, how frequently are these updates applied?

(Required.)
14.Are strong authentication mechanisms (e.g., multi-factor authentication) required for accessing sensitive systems and data within your Facility / Agency / Organization? 
(Required.)
15.How often does your Facility / Agency / Organization conduct cybersecurity risk assessments or audits? 

If your Facility / Agency / Organization does not conduct cybersecurity risk assessments or audits, please type N/A.(Required.)
16.Have there been any past cybersecurity incidents or breaches within your Facility / Agency / Organization?  If yes, how were they addressed and what was learned from these incidents?
(Required.)
17.Does your Facility / Agency / Organization have any protocols in place for reporting and responding to potential cybersecurity incidents or breaches?
(Required.)
18.How does your Facility / Agency / Organization ensure the secure disposal of sensitive data and electronic devices?

If your Facility / Agency / Organization does not have a process in place to ensure the secure disposal of sensitive data and electronic devices, please type N/A.(Required.)
19.Are external third-party security assessments or penetration tests conducted to evaluate your Facility / Agency / Organization's security defenses?
(Required.)
20.Are personal device's allowed to access your Facility / Agency / Organization's wireless network?  If yes, what security measures are in place for these devices?(Required.)
21.Does your Facility / Agency / Organization have a data backup and recovery plan in case of a cybersecurity incident?  If yes, how frequently are backups performed?(Required.)
22.How does your Facility / Agency / Organization stay up to date about the latest cybersecurity threats and trends to adapt its defenses accordingly?(Required.)
23.Please share any additional information that may be helpful to the HCSWPA as it works to bolster the cybersecurity of its members: