News & Insights

TJC Tips for Protecting Patients in a Cyberattack

October 23, 2023

TJC Tips for Protecting Patients in a Cyberattack
SHARE :           

October is Cybersecurity Awareness Month. To help our insureds better protect themselves and their practices from a cybersecurity incident, we will provide cybersecurity-related content in our newsletters and on social media this month.

Earlier this year in a Sentinel Event Alert newsletter, The Joint Commission (TJC) published tips and recommendations for preserving patient safety after a cyberattack. The alert noted, "the recent increase in cyberattacks, especially ransomware attacks, on hospitals and health systems means that the potential to experience a cyberattack that adversely affects operations is not an “if” but a “when” question. There are actions that hospitals and other healthcare organizations can take to prepare to deliver safe patient care in the event of a cyberattack by using the Joint Commission’s Emergency Management (EM) Standards as a framework and following the suggested actions."

Broadly, the suggested actions include:

  • Evaluate HVA findings and prioritize hospital services that must be kept operational and safe for an extended downtime.
  • Form a downtime planning committee to develop preparedness actions and mitigations, with representation from all stakeholders.
  • Develop downtime plans, procedures and resources. 
  • Designate response teams.
  • Train team leaders, teams, and all staff on how to operate during downtimes.
  • Establish situational awareness with effective communication throughout the organization and with patients and families. 
  • After an attack, regroup, evaluate, and make necessary improvements.

To learn more about TJC's tips and recommendations for preserving patient safety after a cyberattack, read the Sentinel Event Alert newsletter.

 


Annual Reports:

Receive Regular Updates: