Today’s hospitals and other medical facilities face unprecedented challenges when responding to and recovering from critical events. These not only include the ongoing COVID-19 pandemic and frequent natural disasters but also dangerous and oftentimes costly cyberattacks. According to ASPR-TRACIE, which strives to fill gaps in healthcare system preparedness capabilities by sharing information and promising practices during planning efforts, recent cyberattacks on healthcare facilities have had significant effects on every aspect of patient care and organizational continuity.
“Cyberattacks,” says ASPR-TRACIE, “highlight the need for healthcare organizations of all sizes and types to implement cybersecurity best practices and conduct robust planning and exercising for cyber incident response and consequence management.”
Enter the requirement for medical facilities to have a well-developed, fully tested, and always-actionable Emergency Operations Plan, or EOP.
EOPs, as required by The Joint Commission, take an “all-hazards” approach to critical events varying in scale, duration, and cause. Accordingly, such plans encompass six crucial elements within the Joint Commission’s Emergency Management Standards. These include:
– Resources and Assets
– Safety and Security
– Staff Responsibilities
– Clinical Support Activities
With each of these key areas addressed in an EOP, healthcare facilities are better prepared to address all types of emergencies, including cyberattacks. And that’s a very good thing given such malicious activity is steadily on the rise (some believe as much as 55% from 2019 to 2020 and at a cost of $21 billion alone in 2020). Unfortunately, experts agree that pandemic modifications, such as telemedicine and remote work, will only continue to make matters worse.
That said, if it’s been a while since your hospital or medical facility reviewed its EOP, or even considered the possibility of a cyberattack, now may be the time to do so. At BOLDplanning, we encourage you to think outside the proverbial box of emergency operations planning and to involve multiple departments, especially IT, in your preparedness efforts. Doing so will help protect patient data, your organization’