Today’s hospitals and other medical facilities face unprecedented challenges when responding to and recovering from critical events. These not only include the ongoing COVID-19 pandemic and frequent natural disasters but also dangerous and oftentimes costly cyberattacks. According to ASPR-TRACIE, which strives to fill gaps in healthcare system preparedness capabilities by sharing information and promising practices during planning efforts, recent cyberattacks on healthcare facilities have had significant effects on every aspect of patient care and organizational continuity. 

“Cyberattacks,” says ASPR-TRACIE, “highlight the need for healthcare organizations of all sizes and types to implement cybersecurity best practices and conduct robust planning and exercising for cyber incident response and consequence management.”

Enter the requirement for medical facilities to have a well-developed, fully tested, and always-actionable Emergency Operations Plan, or EOP. 

EOPs, as required by The Joint Commission, take an “all-hazards” approach to critical events varying in scale, duration, and cause. Accordingly, such plans encompass six crucial elements within the Joint Commission’s Emergency Management Standards. These include: 


  Resources and Assets

  Safety and Security

  Staff Responsibilities


  Clinical Support Activities

With each of these key areas addressed in an EOP, healthcare facilities are better prepared to address all types of emergencies, including cyberattacks. And that’s a very good thing given such malicious activity is steadily on the rise (some believe as much as 55% from 2019 to 2020 and at a cost of