Joint Commission issues guidelines for dealing with a cyberattack

“Cyberattacks cause a variety of care disruptions – leading to patient harm and severe financial repercussions,” David W. Baker, MD, MPH, FACP, the Joint Commission’s executive vice president for healthcare quality evaluation and improvement, said in a press release. “Taking action now can help prepare healthcare organizations to deliver safe patient care in the event of future cyberattacks. The recommendations in the Sentinel Event Alert, as well as The Joint Commission’s related requirements on establishing and following a continuity of operations plan, disaster recovery plan and more, can help healthcare organizations successfully respond to a cyber emergency.”

The recommendations include:

• Evaluate hazards vulnerability analysis (HVA) findings and prioritize hospital services that must be kept operational and safe during an extended downtown.
• Form a downtime planning committee to develop preparedness actions and mitigations, with representation from all stakeholders.
• Develop and regularly update downtime plans, procedures and resources.
• Designate response teams. Create an interdisciplinary team to mobilize during unanticipated downtime events.
• Train team leaders, their respective teams and all staff on how to operate during downtimes, including specific incidents that would cause downtime to go into effect.
• Establish situational awareness with effective communication throughout the organization and with patients and families.
• After an attack, regroup, evaluate and make necessary improvements. Take steps to recover and protect systems.

Eric Wicklund is the associate content manager and senior editor for Innovation, Technology, Telehealth, Supply Chain and Pharma for HealthLeaders.