The number of cyberattacks in healthcare is growing, and hospitals should be ramping up their protection efforts, according to The Joint Commission.
Nearly 52 million patient records were exposed in cyberattacks in 2022, The Joint Commission said Aug. 15, and a massive MOVEit data breach that has affected millions of Americans is still unfolding.
"For most hospitals, experiencing a cyberattack that adversely affects operations is not an 'if' but a 'when' question," The Joint Commission said.
Six ways to protect patients:
1. Conduct a hazards vulnerability analysis, and from those results, prepare for life- and safety-critical technology being offline for at least a month in case of a cyberattack. Mapping the consequences of losing EMR technology could help find "interdependencies and hidden dangers when systems can no longer connect to one another."
2. Create a multidisciplinary planning committee that's tasked with outlining preparedness actions and mitigations during EHR downtimes. Also form a multidisciplinary team that's poised to respond quickly to unanticipated downtime events.
3. Consistently revise strategies to be followed during those downtimes, such as when to declare downtimes, shut down electronic systems, or limit or cancel elective services.
4. Train all staff on how to operate during downtimes. One example of this training is downtime drills, which can familiarize workers with accessing paper documents and redundant systems.
5. Be ready to quickly communicate the knowns and unknowns of a cyberattack. Internal and external communications can be drafted in advance, and these alerts should include which systems are affected, the clinical and nonclinical ramifications, and what is being done about the situation.
6. After a cyberattack, regroup and find areas of improvement to build a stronger shield in case of a future event.