October is Cybersecurity Awareness Month. To help our insureds better protect themselves and their practices from a cybersecurity incident, we will provide cybersecurity-related content in our newsletters and on social media this month.
Earlier this year in a Sentinel Event Alert newsletter, The Joint Commission (TJC) published tips and recommendations for preserving patient safety after a cyberattack. The alert noted, "the recent increase in cyberattacks, especially ransomware attacks, on hospitals and health systems means that the potential to experience a cyberattack that adversely affects operations is not an “if” but a “when” question. There are actions that hospitals and other healthcare organizations can take to prepare to deliver safe patient care in the event of a cyberattack by using the Joint Commission’s Emergency Management (EM) Standards as a framework and following the suggested actions."
Broadly, the suggested actions include:
- Evaluate HVA findings and prioritize hospital services that must be kept operational and safe for an extended downtime.
- Form a downtime planning committee to develop preparedness actions and mitigations, with representation from all stakeholders.
- Develop downtime plans, procedures and resources.
- Designate response teams.
- Train team leaders, teams, and all staff on how to operate during downtimes.
- Establish situational awareness with effective communication throughout the organization and with patients and families.
- After an attack, regroup, evaluate, and make necessary improvements.
To learn more about TJC's tips and recommendations for preserving patient safety after a cyberattack, read the Sentinel Event Alert newsletter.