As written in a previous blog post from BOLDplanning, a division of Agility, today’s hospitals and other medical facilities face unprecedented challenges when responding to and recovering from critical events. 

These extend beyond health emergencies, such as the COVID-19 pandemic, to include dangerous and often costly cyberattacks. Take last week’s ransomware attack on Prospect Medical Holdings, a chain that owns 16 hospitals and over 150 outpatient facilities in four states. The situation forced the organization to take its national computer systems offline, causing some locations to close temporarily and patients to miss certain non-emergency services. 

According to ASPR-TRACIE, which strives to fill gaps in healthcare system preparedness capabilities by sharing information and promising practices during planning efforts, cyberattacks highlight the need for healthcare organizations of all sizes and types to implement cybersecurity best practices. They also emphasize the need for facilities to conduct robust planning and exercising for cyber incident response and consequence management. 

Ransomware, as explained by the U.S. Cybersecurity & Infrastructure Security Agency (CISA), is a high