Today’s hospitals and other medical facilities face unprecedented challenges when responding to and recovering from critical events. These not only include the ongoing COVID-19 pandemic and frequent natural disasters but also dangerous and oftentimes costly cyberattacks. According to ASPR-TRACIE, which strives to fill gaps in healthcare system preparedness capabilities by sharing information and promising practices during planning efforts, recent cyberattacks on healthcare facilities have had significant effects on every aspect of patient care and organizational continuity. 

“Cyberattacks,” says ASPR-TRACIE, “highlight the need for healthcare organizations of all sizes and types to implement cybersecurity best practices and conduct robust planning and exercising for cyber incident response and consequence management.”

Enter the requirement for medical facilities to have a well-developed, fully tested, and always-actionable Emergency Operations Plan, or EOP. 

EOPs, as required by The Joint Commission, take an “all-hazards” approach to critical events varying in scale, duration, and cause. Accordingly, such plans encompass six crucial elements within the Joint Commission’s Emergency Management Standards. These include: 

  Communications

  Resources and Assets

  Safety and Security