CARA - Comprehensive Automated Risk Assessment

Data Source Overview

Real-time Data Sources

CDC Social Vulnerability Index (SVI)
- County-level vulnerability themes
- Used for risk adjustments across all domains
- Source: CDC/ATSDR SVI API
- Annual Cache (365 days)
Wisconsin DHS Health Data
- Respiratory illness surveillance (Flu, COVID, RSV)
- County-level health metrics via web scraping
- Source: Wisconsin DHS Public Data
- Daily Cache (24 hours)
EPA AirNow API
- Real-time air quality index (AQI)
- County coordinates-based monitoring
- Multi-point sampling for tribal areas
- Hourly Updates
OpenWeatherMap API
- Current weather conditions
- Weather alerts and forecasts
- County-based coordinate queries
- Daily Cache (24 hours)
NOAA/NWS Climate Data
- Wisconsin climate projections (2025-2050)
- Heat forecasting and historical trends
- Strategic extreme heat methodology
- Annual Cache (365 days)

Static Data Sources

NCES SSOCS Survey (2019-2020)
- School Survey on Crime and Safety
- Wisconsin school safety indicators
- Integrated into active shooter risk model
- Static Dataset
Gun Violence Archive (GVA) 2023
- Mass shooting incidents by county
- Wisconsin-specific incident analysis
- Historical trend calculations
- Static Dataset
Wisconsin Tribal Boundaries
- 11 federally-recognized tribal areas
- GeoJSON boundary data
- Tribal jurisdiction mapping
- Static Geospatial Data
Wisconsin Health Departments
- 95 public health jurisdiction boundaries
- HERC region mappings
- Service area definitions
- Static Geographic Data

Synthetic Risk Models

Cybersecurity Risk
- County-based statistical modeling
- Population and infrastructure factors
- SVI vulnerability adjustments
- Model-Based
Utilities Risk
- Infrastructure resilience modeling
- County-level risk estimates
- Based on demographic factors
- Model-Based

Data Transparency Commitment

Real Data Sources: All API integrations use authentic government and scientific data
Cache Strategy: Appropriate refresh intervals based on data source update frequency
Static Datasets: Clearly identified with version dates and source attribution
Model-Based Components: Transparently labeled as synthetic risk calculations
No Placeholder Data: All risk scores are based on real data inputs or documented statistical models

Data Validation Process

Data Caching Strategy

Our persistent caching system optimizes data retrieval while maintaining data quality and integrity:

Annual Data (365-day cache): CDC Social Vulnerability Index, NOAA Climate Projections
Daily Data (24-hour cache): Wisconsin DHS Health Data, Weather alerts and forecasts
Hourly Data (1-hour cache): EPA AirNow API air quality index
Static Data (No cache expiry): NCES SSOCS Survey, Gun Violence Archive 2023, Tribal boundaries

Each data source has appropriate validation checks and error handling protocols.

Data Source	Validation Method	Frequency
CDC Social Vulnerability Index	API response validation County FIPS code verification SVI theme score range checks (0.0-1.0) Error handling with graceful degradation	Annual with 365-day cache
Wisconsin DHS Health Data	Web scraping data extraction County name normalization Disease activity metric validation Temporal consistency checks	Daily with 24-hour cache
EPA AirNow API	Coordinate-based query validation AQI value range verification (0-500) Multi-point sampling for tribal areas API key authentication and retry logic	Hourly with 1-hour cache
NCES SSOCS & GVA Static Data	Data file integrity verification Wisconsin-specific filtering County mapping validation Statistical calculation verification	Static datasets with version tracking

Risk Prioritization and Percentile Ranking

To enhance risk prioritization and create a more equitable distribution for comparing jurisdictions, we implement a percentile-based ranking system alongside absolute risk scores.

Absolute Risk Scores

Scale: 0.0 to 1.0
Calculation: Based on raw data inputs, SVI adjustments, and risk modeling
Interpretation:
- Low Risk (0.0 - 0.3)
- Medium Risk (0.3 - 0.6)
- High Risk (0.6 - 1.0)
Purpose: Provides absolute measure of risk based on defined risk factors

Percentile Rankings

Scale: 0 to 100th percentile
Calculation: Statistical percentile rank among all assessed jurisdictions
Interpretation:
- High Readiness Level (0-50th percentile)
- Moderate Readiness Level (50-80th percentile)
- Development Needed (80-100th percentile)
Purpose: Enables relative prioritization across jurisdictions, regardless of absolute risk values

Percentile Ranking Implementation

Percentile rankings are calculated for:

Overall Risk Score: Prioritization across all risk dimensions
Individual Hazard Types: Each hazard has its own percentile ranks (flood, tornado, etc.)
Risk Components: Component-specific percentiles (exposure, vulnerability, resilience)

This approach allows emergency managers to identify where their jurisdiction stands relative to others in Wisconsin, enhancing resource allocation decisions and mutual aid planning.

Temporal Risk Component Framework

Our new Baseline-Seasonal-Trend-Acute (BSTA) framework for risk assessment provides a more nuanced understanding of risks over time by decomposing risk scores into four temporal components:

Baseline (50%)

Long-term structural risk that changes very slowly (1-10 years)

Characteristics:

Represents fundamental risk exposure
Based on geographical, infrastructural, and demographic factors
Relatively stable over long periods

Intervention Focus: Long-term infrastructure and capacity building

Seasonal (20%)

Predictable cyclical variations throughout the year

Characteristics:

Follows annual patterns (e.g., winter storms in winter, tornadoes in spring/summer)
Highly predictable based on historical patterns
Specific to hazard types and geography

Intervention Focus: Cyclical preparedness activities

Trend (20%)

Medium-term directional changes (2-5 years)

Characteristics:

Represents emerging patterns from climate change, population shifts, etc.
Shows increasing or decreasing risk trajectory
May indicate effectiveness of mitigation efforts

Intervention Focus: Strategic planning and adaptation

Acute (10%)

Short-term, event-driven spikes (days to weeks)

Characteristics:

Current active events or immediate threats
Temporary but potentially severe elevation in risk
Requires real-time monitoring and alerts

Intervention Focus: Immediate response and resource allocation

Benefits of the BSTA Framework

This framework enables more nuanced and actionable risk information:

Improved resource allocation: Target interventions to the appropriate time scale
Enhanced planning: Prepare for both predictable patterns and emerging trends
Real-time responsiveness: Integrate current conditions for up-to-date risk assessment
Better communication: Provide context to stakeholders about the nature of risks

Temporal Patterns by Hazard Type

Hazard Type	Seasonal Peak	Trend Direction	Acute Detection
Flood	Spring (March-June)	Increasing due to climate change	Weather alerts, river gauges
Tornado	Late Spring/Summer (April-August)	Variable, subject to climate patterns	Severe storm warnings
Winter Storm	Winter (November-March)	Stable, but greater extremes	Winter storm warnings, ice alerts
Extreme Heat	Summer (June-September)	Increasing due to climate change	Heat advisories, air quality alerts
Infectious Disease	Variable by pathogen (respiratory in winter)	Variable, affected by vaccination rates	Disease surveillance systems

Enhanced Extreme Heat Risk Methodology

Climate-Adjusted Risk Assessment

Our enhanced extreme heat risk methodology incorporates climate change projections and uses only quantitative, publicly accessible data sources for complete transparency and replicability.

Data Sources

NOAA State Climate Summaries: Regional warming projections, heat frequency increases
EPA Heat Island Reports: Urban amplification factors, infrastructure vulnerability
CDC Social Vulnerability Index: Heat-sensitive demographics, housing conditions
NOAA Technical Reports: Wet bulb temperature calculations, humidity effects
IPCC AR6 Projections: Regional climate trends, multi-day heat events

Calculation Framework

Exposure: Geographic base × Climate frequency × Urban heat island
Vulnerability: SVI demographics × Heat-specific factors
Resilience: Infrastructure capacity × Adaptation penalty
Climate Adjustment: 40% frequency increase, 3°F warming
Wet Bulb Integration: Humidity-adjusted physiological limits

Scientific Transparency

All calculations use publicly accessible datasets with documented methodologies. The enhanced framework produces realistic risk scores that reflect current climate science while maintaining complete replicability for public health planning.

Multi-Dimensional Risk Framework

Our new multi-dimensional risk framework provides enhanced analysis of risk factors by breaking down each hazard into three key components:

Exposure

The likelihood and magnitude of the hazard itself based on historical data, geographical factors, and climate patterns.

Key Factors:

Event frequency
Historical severity
Projected trends
Geographic location

Data Sources: FEMA NRI, NOAA, NWS historical records

Vulnerability

Population and infrastructure susceptibility to the hazard, including demographic factors that increase risk.

Key Factors:

Demographic characteristics
Housing quality
Medical conditions
Socioeconomic status

Data Sources: CDC SVI, Census ACS, WI DHS

Resilience

Community capacity to absorb and recover from the hazard impact, including emergency response capabilities.

Key Factors:

Resource availability
Emergency infrastructure
Healthcare capacity
Community support systems

Data Sources: WEM data, HERC statistics, health department records

Implementation Note

The multi-dimensional approach provides more actionable insights than a single risk score by allowing emergency managers to target specific weaknesses (e.g., "Your community has high exposure but low resilience - focus on building recovery capacity").

This framework is implemented for all key natural hazards:

Flood Risk: Exposure (historical events, proximity to water, terrain), Vulnerability (population, infrastructure), Resilience (community capacity)
Tornado Risk: Exposure (historical patterns, seasonal factors), Vulnerability (building types, mobile homes), Resilience (warning systems, shelters)
Winter Storm Risk: Exposure (snowfall patterns, extreme cold frequency), Vulnerability (infrastructure, isolated areas), Resilience (road clearing, power capacity)
Thunderstorm Risk: Exposure (lightning density, severe storm frequency), Vulnerability (infrastructure, building stock), Resilience (warning systems, recovery capacity)
Extreme Heat Risk: Climate-adjusted exposure (NOAA projections, urban heat island), SVI-enhanced vulnerability (demographics, housing), infrastructure resilience capacity, wet bulb temperature considerations
Utilities Risk: Exposure (outage frequency, system age), Vulnerability (population density, critical facilities), Resilience (backup systems, recovery protocols)
Cybersecurity Risk: Threat Landscape, Vulnerability, Capability components
Active Shooter Risk: Historical Incident Density, School & Youth Vulnerability, Social & Community Fragility, Mental Health & Behavioral Health Risk, Access to Lethal Means (detailed methodology)

Social Vulnerability Index (SVI) Integration

The CDC's Social Vulnerability Index (SVI) is integrated throughout our risk assessment methodology as a critical multiplier that enhances the accuracy of various risk calculations.

What is SVI?

The Social Vulnerability Index uses 15 U.S. census variables to identify communities that may need additional support before, during, or after disasters. SVI indicates the relative vulnerability of every U.S. Census tract on four main themes:

Socioeconomic Status: Poverty, employment, income, education
Household Composition: Age, single-parent households, disability status

Minority Status: Race, ethnicity, language barriers
Housing Type & Transportation: Housing structure, crowding, vehicle access

How SVI Enhances Risk Calculations

SVI Theme	Affected Risk Types	Adjustment Method	Maximum Impact
Housing & Transportation	Flood Risk Tornado Risk Winter Storm Risk Thunderstorm Risk	Multiplier based on housing vulnerability, affecting structural risk factors and evacuation capabilities	Up to 50% increase in base risk for maximally vulnerable communities
Socioeconomic Status	Extreme Heat Risk (primary) Flood Risk (secondary) Tornado Risk (secondary) Winter Storm Risk (secondary) Thunderstorm Risk (secondary) Utilities Risk (secondary) Active Shooter Risk (secondary) Cybersecurity Risk (secondary)	Primary multiplier (40%) for Extreme Heat Risk reflecting access to cooling resources; Secondary multiplier (25%) for all other risk types reflecting resource access, recovery capacity, and disaster resilience	Up to 40% increase for Extreme Heat Risk and up to 25% increase for all other risk categories in communities with high socioeconomic vulnerability
Household Composition	Active Shooter Risk	Adjustment factor based on household vulnerability and evacuation challenges	Up to 30% increase in risk score for communities with vulnerable household compositions
Overall SVI	Health Risk Metrics Resource Allocation Guidance	Incorporated in existing health vulnerability calculations, affecting response capacity assessment	Built into disease impact calculation and resource recommendations

Implementation Note

SVI data is incorporated as a vulnerability multiplier, not as a primary risk driver. This approach ensures that risk assessments reflect both hazard likelihood (from primary data sources) and community vulnerability factors (from SVI), providing a more comprehensive and equitable risk assessment.

Socioeconomic Factor Universal Application: We've implemented socioeconomic vulnerability as a secondary factor across all risk types (25% maximum impact) because communities with fewer economic resources face greater challenges in emergency preparedness, response, and recovery regardless of the hazard type. This approach ensures that resource allocation and preparedness planning account for areas where economic disparities could exacerbate disaster impacts.

Verify Our Data Sources

You can independently verify our real-time data through these official sources:

Data Sources and Risk Calculations

Residual Risk Calculation Framework (v1.7.0)

Our risk assessment methodology now incorporates an enhanced residual risk calculation formula that provides more accurate, jurisdiction-specific risk prioritization without comparison to other jurisdictions. The latest update (v1.7.0) adds a health impact factor from FEMA NRI data:

Residual Risk = [(Exposure × Vulnerability) - (Resilience × Maximum Risk)] × Health Impact Factor

This formula represents a significant advancement in risk assessment methodology with the following components:

Exposure

Represents the likelihood and magnitude of a hazard event occurring. Factors include historical occurrence rates, geographic vulnerability, and event forecasting models.

Vulnerability

Measures the susceptibility of a jurisdiction to harm from the hazard. Includes population characteristics, infrastructure susceptibility, and socio-economic factors from the CDC's Social Vulnerability Index.

Resilience

Represents a jurisdiction's capacity to resist, absorb, and recover from hazards. Higher resilience values (0-1 scale) directly reduce the overall risk score, reflecting preparedness investments.

Maximum Risk

A calibration constant (default: 1.0) that ensures all risk scores are properly scaled. This allows for consistent interpretation across different hazard types.

NEW Health Impact Factor

A multiplier (0.8-1.5) derived from FEMA's National Risk Index (NRI) data that adjusts risk based on health-related consequences. It incorporates:

Expected Annual Loss of Population: Direct health impacts based on historical mortality
Social Vulnerability components: Health-specific vulnerabilities from CDC SVI data
Healthcare Access metrics: Distance to care and healthcare system capacity
Population with Disabilities: Percentage of population requiring specialized assistance

The factor amplifies risks with significant health consequences (>1.0) and de-emphasizes those with minimal health impacts (<1.0).

Risk Scale Interpretation:

0.0-0.3 High Readiness Level - Low residual risk due to strong preparedness
0.3-0.6 Moderate Readiness Level - Moderate risk requiring some improvements
0.6-1.0 Development Needed - Higher risk requiring significant investment

Benefits of the new approach:

Provides jurisdiction-specific prioritization without comparison to others
Directly acknowledges how resilience counters specific risks
Enables high resilience to significantly reduce even high exposure/vulnerability
More accurately reflects real-world risk dynamics
Applies consistently across all hazard types including flood, tornado, winter storm, thunderstorm, extreme heat, infectious disease, active shooter, and all utilities risks

Visual Risk Prioritization System (v1.6.0)

Our visual risk prioritization system helps agencies clearly identify and address their most critical risks with intuitive visual elements:

Risk Scoring Framework

Raw Risk Score (0.0-1.0): Calculated from multiple data sources
Risk Classification:
- High Risk: 0.6-1.0
- Medium Risk: 0.3-0.6
- Low Risk: 0.0-0.3
Visual Impact Indicators: Progress bars showing relative risk magnitude

Prioritization Benefits

Clear Risk Ordering: Risks are sorted by priority in descending order
Intuitive Visualization: Impact bars provide immediate visual cues
Resource Allocation: Helps agencies focus on most critical threats
Tailored Action Plans: Recommendations match the risk severity

Note: The visual prioritization system in v1.5.0 replaces the percentile ranking approach from v1.4.0. This change provides a more intuitive risk assessment format that focuses on absolute risk levels rather than relative ranking among jurisdictions.

NEW: Five-Domain Active Shooter Risk Framework (v1.8.0)

In version 1.8.0, we've enhanced our risk assessment methodology with improved active shooter risk assessment using the Five-Domain framework and NCES (National Center for Education Statistics) SSOCS (School Survey on Crime and Safety) data integration. This comprehensive approach provides more accurate risk scoring for all Wisconsin jurisdictions.

Five-Domain Framework

Active Shooter Risk = (0.25 × Historical) + (0.20 × School/Youth) + (0.20 × Social/Community) + (0.20 × Mental Health) + (0.15 × Lethal Means)

Each domain produces a score between 0.0-1.0, weighted by importance

The model uses five evidence-based domains that comprehensively assess active shooter risk factors. Each domain incorporates multiple data sources and metrics to create a robust risk assessment that can help jurisdictions prepare for and mitigate potential threats.

Key Improvements

NCES (National Center for Education Statistics) SSOCS (School Survey on Crime and Safety) Data: Added comprehensive school safety metrics
Improved GVA (Gun Violence Archive) Integration: Better city-to-county mapping for more accurate incident attribution
Detailed Documentation: Comprehensive methodology page with all data sources and calculations
Enhanced Youth Vulnerability: Additional metrics for school safety and youth disconnectedness
Better Data Attribution: Clear documentation of all data sources throughout the application

Risk Type	Data Sources	Data Scale	Calculation Method	Weight
Flood Risk	FEMA National Risk Index (NRI) Wisconsin Data Annual loss estimates Social vulnerability indicators Community resilience scores Wisconsin DNR Flood Hazard Data 100-year floodplain maps Historical flood records (1950-present) USGS Stream Gauge Data Real-time water levels Historical peak flows	Census Tract Level	Base score from NRI data (0-100 scale) Normalized to 0-1 scale using min-max normalization Historical trend analysis using 10-year moving average Additional weight factors: Population density (+0.1) Infrastructure vulnerability (+0.1) Mitigation measures (-0.1)	10%
Tornado Risk	FEMA NRI Wisconsin Data Historical tornado tracks Damage assessments Building exposure data Mobile home density (% of housing units) National Weather Service Storm Data Enhanced Fujita (EF) Scale ratings Path width and length measurements Time and date records Wisconsin Emergency Management Reports Response effectiveness metrics Recovery time analysis US Census Bureau Housing Data Mobile home percentage by jurisdiction Housing unit vulnerability metrics	Census Tract Level	Base score from NRI data (0-100 scale) Normalized to 0-1 scale Mobile home vulnerability adjustment: Base risk increased by factor of mobile home percentage Higher percentages of mobile homes increase vulnerability Maximum adjustment capped at 2x base risk Critical infrastructure adjustment: Prison facility count from FEMA RAPT Risk increased by 10% per facility Maximum 20% increase for multiple facilities Frequency adjustment based on: 30-year occurrence rate Average EF scale rating Seasonal probability factors	10%
Winter Storm Risk	FEMA NRI Wisconsin Data Winter storm frequency Impact assessments Infrastructure resilience data National Weather Service Records Snowfall accumulation data Ice storm frequency Wind chill statistics WI DOT Winter Operations Data Road treatment effectiveness Snow removal response times Equipment readiness metrics	Census Tract Level	Base score from NRI data (0-100 scale) Normalized to 0-1 scale Seasonal adjustment factors: Average snowfall (+0.1 per 10" above mean) Ice storm frequency (+0.05 per event) Road accessibility score (-0.1 to +0.1)	10%
Thunderstorm Risk	FEMA NRI Wisconsin Data Thunderstorm frequency Lightning strike density Wind gust data Property damage assessments NOAA Storm Event Database Historical severe thunderstorm records Damage reports by county Wind speed measurements National Weather Service Severe thunderstorm warnings Frequency of high wind events Lightning detection network data US Census Bureau Housing Data Housing construction quality metrics Storm shelter availability	Census Tract Level	Base score from NRI and NOAA data (0-100 scale) Normalized to 0-1 scale SVI adjustments: Housing vulnerability multiplier (up to 50% increase) Socioeconomic vulnerability factor (up to 25% increase) Additional risk factors: Tree coverage density (+0.05 to +0.15) Power infrastructure vulnerability (+0.1 to +0.2) Historical property damage rates (+0.05 to +0.15)	10%
Extreme Heat Events	NOAA State Climate Summaries - Wisconsin (2022) Regional warming projections (2-4°F by 2050) Heat event frequency increases (40% by 2050) RCP4.5 scenario data EPA Climate Change and Heat Islands (2021) Urban heat island amplification factors Infrastructure heat vulnerability Heat threshold guidelines NOAA Technical Report OAR CPO-2 (2020) Wet bulb temperature calculations Humidity-adjusted heat stress Physiological heat limits CDC Social Vulnerability Index 2020 Heat-sensitive demographics Housing vulnerability factors Cooling center availability CDC Environmental Public Health Tracking Urban heat island effects Demographic vulnerability data Air quality correlations	County Level	Enhanced Climate-Adjusted Framework: Exposure = Geographic base × NOAA climate frequency multiplier × Urban heat island factor Vulnerability = CDC SVI demographic factors × Heat-specific multipliers Resilience = Infrastructure capacity × Climate adaptation penalty Wet Bulb = Regional humidity patterns × Climate humidity increase Climate Trend = IPCC regional warming × Urban amplification Overall Formula: (Exposure × Vulnerability ÷ Resilience) × (1 + Wet_Bulb × 0.5) × Climate_Trend Climate Adjustments: 40% frequency increase (NOAA RCP4.5) 3°F temperature rise (Great Lakes region) 60% duration increase (IPCC AR6) 2.2x multi-day events (EPA) All calculations based on publicly accessible, quantitative datasets	10%
Infectious Disease Risk	Wisconsin DHS Surveillance Data Disease outbreak reports Vaccination coverage rates Healthcare access metrics County Health Department Records Local outbreak data Contact tracing effectiveness Testing capacity metrics CDC Community Health Indicators Social vulnerability index Healthcare facility density Population demographics	County Level	Base rate: 0.3-0.4 Adjusted by: Vaccination rate (-0.1 to +0.1) Population density factor (0.05 per 1000/sq mi) Healthcare access score (-0.1 to +0.1) Historical outbreak frequency (+0.05 per significant event)	20%
Active Shooter Risk	Five-Domain Risk Framework: Historical Incident Density (25%): GVA (Gun Violence Archive) data, crime patterns School & Youth Vulnerability (20%): NCES (National Center for Education Statistics) SSOCS (School Survey on Crime and Safety) data, youth factors Social & Community Fragility (20%): Social cohesion metrics Mental Health Risk (20%): Provider availability, access metrics Access to Lethal Means (15%): Availability factors Data Sources: Gun Violence Archive (GVA) NCES (National Center for Education Statistics) SSOCS (School Survey on Crime and Safety) 2019-2020 Census ACS (American Community Survey) & CDC (Centers for Disease Control) SVI (Social Vulnerability Index) View detailed methodology FBI Crime Data API Violent crime statistics County-level offense data Multi-year trend analysis HRSA Health Professional Shortage Areas Mental health provider shortages Healthcare access metrics County-level provider ratios	County Level	Five-Domain Weighted Formula: Historical Incident Density (25%) School & Youth Vulnerability (20%) Social & Community Fragility (20%) Mental Health Risk (20%) Access to Lethal Means (15%) Adjustments: SVI socioeconomic factor (up to 25%) Rural/urban density scaling Data quality confidence indicators	10%
Utilities Risk	Multi-dimensional Risk Components: Electrical Outage: Power grid reliability and backup capabilities Utilities Disruption: Water, gas, telecommunications systems Supply Chain: Critical supply availability and logistics Fuel Shortage: Fuel reserves and distribution networks NEW: Residual Risk Calculation Applied All utilities risk types now use the residual risk formula: (Exposure × Vulnerability) - (Resilience × Maximum Risk) This provides more accurate jurisdiction-specific risk assessments Directly accounts for resilience investments reducing overall risk Wisconsin Public Service Commission Data Outage frequency and duration statistics Critical infrastructure resilience metrics System age and maintenance factors Wisconsin Emergency Management (WEM) Utility vulnerability assessments Regional dependency mappings Resilience capability metrics	County Level	Component weighting: Electrical Outage (30%) Utilities Disruption (30%) Supply Chain (20%) Fuel Shortage (20%) Each component analyzed using: Exposure: Historical outage frequency, system vulnerabilities Vulnerability: Population density, critical facility dependency Resilience: Backup systems, recovery protocols, resource allocation SVI socioeconomic adjustment factor applied (max 25% increase)	10%
Cyberthreats	Wisconsin Department of Enterprise Technology (DET) Security incident reports Vulnerability assessment data Critical infrastructure protection metrics MS-ISAC (Multi-State Information Sharing & Analysis Center) Threat intelligence feeds Regional cyber incident data State-specific vulnerability alerts HHS HC3 (Health Sector Cybersecurity Coordination Center) Healthcare-specific threat intelligence Sector vulnerability reports Medical device security metrics Wisconsin Healthcare Emergency Preparedness Program Healthcare facility cybersecurity assessments IT infrastructure resilience scores Emergency response capabilities	Healthcare Facility Level	Base score derived from: NIST Cybersecurity Framework compliance score Recent incident frequency and severity Critical system vulnerability metrics Risk modifiers: Security control maturity (+/-0.1 per NIST tier level) Incident response capability (-0.1 for mature program) Connected medical device density (+0.05 per 100 devices) Staff security training completion (-0.05 per 90% compliance) Final score normalized to 0-1 scale	10%

Data Update Frequency

Wisconsin DHS Health Metrics Daily
OpenFEMA Facility Data Weekly
FEMA National Risk Index Quarterly
Representative Data Updates As Available

Verify Our Data Sources

You can verify our data directly through these official sources:

Detailed Documentation

For a comprehensive understanding of our risk assessment methodology, including:

Complete data source details
Current limitations
Future improvements
Validation methods

Download Complete Methodology (PDF)

Cybersecurity Risk Assessment Methodology

Note: Our cybersecurity risk assessment uses publicly available data sources to ensure transparency and reproducibility. While this approach has limitations, it provides a standardized baseline for comparing jurisdictions.

Data Sources

HHS Breach Portal

Healthcare-specific breach incidents reported per 100,000 population
Weight in risk calculation: 40%
FBI Internet Crime Complaint Center (IC3)

Regional cybercrime reports per 100,000 population
Weight in risk calculation: 35%
CISA Known Exploited Vulnerabilities (KEV) Catalog

Critical vulnerabilities affecting healthcare systems
Weight in risk calculation: 25%

Risk Score Calculation

Component	Calculation Method	Score Range
Breach Score	`(Incidents per 100k) / 5.0` Normalized against maximum expected rate of 5 incidents per 100k population	0.0 - 1.0
Cybercrime Score	`(Reports per 100k) / 500.0` Normalized against maximum expected rate of 500 reports per 100k population	0.0 - 1.0
Vulnerability Score	`(Critical vulnerabilities) / 15.0` Normalized against maximum expected count of 15 critical vulnerabilities	0.0 - 1.0

Limitations and Considerations

Data Limitations

Reporting delays in public data sources (typical lag: 30-90 days)
Underreporting of incidents, especially in smaller jurisdictions
Geographic attribution challenges for cybersecurity incidents
Limited visibility into internal security measures and controls

Data Update Frequency

HHS Breach Portal Daily
FBI IC3 Reports Quarterly
CISA KEV Catalog Weekly

SVI Integration for Cybersecurity Risk

We apply the CDC's Social Vulnerability Index socioeconomic factor as a secondary multiplier in cybersecurity risk assessment based on research showing strong correlations between:

Socioeconomic status and cybersecurity budget/resource allocation
Economic vulnerability and cybersecurity resilience/recovery capability
Poverty indicators and access to cybersecurity expertise
Education levels and staff security awareness/training outcomes

This integration increases cybersecurity risk scores by up to 25% for jurisdictions with high socioeconomic vulnerability, ensuring resource allocation accounts for these disparities.

Future Enhancements

We continuously evaluate opportunities to enhance our cybersecurity risk assessment methodology, including:

Integration of additional public threat intelligence feeds
Improved geographic specificity for incident attribution
Enhanced visualization of threat patterns and trends
Integration of anonymized aggregate data from security information sharing partnerships

CDC Public Health Emergency Preparedness (PHEP) Capabilities Integration

The Wisconsin Geospatial Health & Emergency Preparedness Risk Assessment Tool has been enhanced to align with the CDC's Public Health Emergency Preparedness (PHEP) Cooperative Agreement 2024-2028. This alignment ensures that preparedness strategies provided by the tool directly support the core capabilities required for effective public health emergency response.

PHEP Capabilities Integrated Throughout Tool

All risk assessment results, action plans, and preparedness recommendations have been designed to support the following CDC PHEP Capabilities:

Foundational Capabilities

Community Preparedness - Building community resilience through risk-informed planning
Community Recovery - Supporting recovery operations for public health systems
Emergency Operations Coordination - Establishing effective incident command structures
Emergency Public Information and Warning - Facilitating timely information exchange
Information Sharing - Maintaining situational awareness across partners
Responder Safety and Health - Protecting public health workforce

Incident-Specific Capabilities

Medical Countermeasure Dispensing and Administration
Medical Materiel Management and Distribution
Medical Surge - Supporting healthcare systems during crises
Nonpharmaceutical Interventions - Implementing community mitigation strategies
Public Health Laboratory Testing - Identifying biological and chemical threats
Public Health Surveillance and Epidemiological Investigation

PHEP Capability Implementation in Risk Assessment and Action Planning

For each risk type, specific PHEP capabilities are identified and integrated into our three-phase implementation approach:

Implementation Phase	Timeframe	PHEP Capability Focus
Immediate	0-30 days	Emergency Operations Coordination Emergency Public Information and Warning Community Preparedness
Short-term	1-3 months	Information Sharing Medical Countermeasure Dispensing Public Health Surveillance Responder Safety and Health
Long-term	3-12 months	Community Recovery Public Health Laboratory Testing Medical Surge Medical Materiel Management

PHEP Cooperative Agreement Alignment

The action plans generated by this tool are specifically designed to help local and Tribal health departments meet the requirements of the CDC PHEP Cooperative Agreement 2024-2028. Each recommendation is tied to specific PHEP capabilities and can be directly incorporated into jurisdictional preparedness plans and funding applications.

Version History and Updates

Version	Date	Key Changes
1.9.0	May 4, 2025	NEW: Persistent Caching System - Implemented efficient file-based persistent caching for data sources based on their update frequency NEW: Advanced Data Validation - Created comprehensive validation and verification tools for Census API data NEW: API Error Handling - Added robust error handling with retry mechanisms and graceful degradation for all external API connections Reduced API usage for Census ACS data from daily to annual with quality-controlled persistent caching Enhanced SVI data retrieval with validation, error handling, and annual persistent caching Implemented cache expiration periods appropriate to each data source's update frequency Added metadata tracking for all cached data to improve traceability and debugging
1.8.0	April 20, 2025	NEW: NCES (National Center for Education Statistics) SSOCS (School Survey on Crime and Safety) Integration - Added SSOCS 2019-2020 data into Active Shooter risk model NEW: Five-Domain Active Shooter Framework - Created dedicated active shooter methodology page with detailed explanation of risk domains Enhanced Active Shooter Risk calculation with improved GVA (Gun Violence Archive) data and county mapping Improved School & Youth Vulnerability domain with comprehensive school safety metrics Added detailed attribution of data sources throughout Active Shooter documentation
1.7.0	April 16, 2025	NEW: Health Impact Factor Integration - Added health-related consequence multiplier from FEMA NRI data, scaling risk scores to better reflect health impacts Enhanced residual risk formula to include health impact factor Improved flood risk calculation with health consequences data Updated methodology documentation to explain health impact factors
1.6.0	April 16, 2025	NEW: Implemented advanced residual risk calculation formula across all risk types: (Exposure × Vulnerability) - (Resilience × Maximum Risk) NEW: Replaced percentile-based ranking with jurisdiction-specific risk scoring that doesn't require comparison NEW: Enhanced utilities risk calculations (electrical outage, utilities disruption, supply chain, fuel shortage) with residual risk model Integrated CDC Public Health Emergency Preparedness (PHEP) Capabilities framework throughout all risk types Enhanced action plans with public health-specific preparedness strategies aligned with CDC PHEP Cooperative Agreement 2024-2028 Implemented enhanced visual risk prioritization system with impact bars for resource allocation decisions Added comprehensive utilities risk assessment with four distinct components (Electrical Outage, Utilities Disruption, Supply Chain, Fuel Shortage) Implemented multi-dimensional risk models for tornado, winter storm, and thunderstorm hazards using Exposure, Vulnerability, and Resilience components Updated risk weight distribution: Natural Hazards (40%), Health Metrics (20%), Active Shooter (10%), Utilities (30%) Applied SVI socioeconomic factors to all risk calculations (25% maximum impact)
1.2.0	April 15, 2025	Applied socioeconomic SVI factor to all risk calculations (25% maximum impact) Enhanced risk calculation accuracy with multi-factor SVI integration Improved cybersecurity risk assessment methodology with socioeconomic indicators Updated methodology documentation to reflect comprehensive SVI integration Fixed data quality issues in regional risk assessment calculations
1.1.0	April 4, 2025	Added coverage for all 90+ Wisconsin health departments Implemented Southwest Suburban Health Department (West Allis-Greenfield) Added Wauwatosa Health Department with complete risk profile Fixed jurisdiction mapping duplications (Shawano-Menominee, Brown County) Improved data scraping for Wisconsin DHS portal Enhanced jurisdiction mapping for all counties Updated methodology documentation with comprehensive coverage details
1.0.0	March 24, 2025	Initial release with 12 core jurisdictions Base implementation of risk calculation methodology Integration with Census, DHS, and FEMA data sources Basic risk visualization and reporting

Next Scheduled Review: September 30, 2025

Risk Assessment Methodology

Comprehensive Wisconsin Coverage

Data Source Overview

Real-time Data Sources

Static Data Sources

Synthetic Risk Models

Data Transparency Commitment

Data Validation Process

Data Caching Strategy

Risk Prioritization and Percentile Ranking

Absolute Risk Scores

Percentile Rankings

Percentile Ranking Implementation

Temporal Risk Component Framework

Baseline (50%)

Seasonal (20%)

Trend (20%)

Acute (10%)

Benefits of the BSTA Framework

Temporal Patterns by Hazard Type

Enhanced Extreme Heat Risk Methodology

Climate-Adjusted Risk Assessment

Data Sources

Calculation Framework

Scientific Transparency

Multi-Dimensional Risk Framework

Exposure

Vulnerability

Resilience

Implementation Note

Social Vulnerability Index (SVI) Integration

What is SVI?

How SVI Enhances Risk Calculations

Implementation Note

Verify Our Data Sources

Data Sources and Risk Calculations

Residual Risk Calculation Framework (v1.7.0)

Exposure

Vulnerability

Resilience

Maximum Risk

NEW Health Impact Factor

Visual Risk Prioritization System (v1.6.0)

Risk Scoring Framework

Prioritization Benefits

NEW: Five-Domain Active Shooter Risk Framework (v1.8.0)

Five-Domain Framework

Key Improvements

Data Update Frequency

Verify Our Data Sources

Detailed Documentation

Cybersecurity Risk Assessment Methodology

Data Sources

HHS Breach Portal

FBI Internet Crime Complaint Center (IC3)

CISA Known Exploited Vulnerabilities (KEV) Catalog

Risk Score Calculation

Limitations and Considerations

Data Limitations

Data Update Frequency

SVI Integration for Cybersecurity Risk

Future Enhancements

Health System Metrics Impact

Risk Level Categories

CDC Public Health Emergency Preparedness (PHEP) Capabilities Integration

PHEP Capabilities Integrated Throughout Tool

PHEP Capability Implementation in Risk Assessment and Action Planning

PHEP Cooperative Agreement Alignment

Version History and Updates