Emergency Operations & Cybersecurity Plans Critical for Healthcare Facilities

Oct 19, 2021

Today’s hospitals and other medical facilities face unprecedented challenges when responding to and recovering from critical events. These not only include the ongoing COVID-19 pandemic and frequent natural disasters but also dangerous and oftentimes costly cyberattacks. According to ASPR-TRACIE, which strives to fill gaps in healthcare system preparedness capabilities by sharing information and promising practices during planning efforts, recent cyberattacks on healthcare facilities have had significant effects on every aspect of patient care and organizational continuity. 

“Cyberattacks,” says ASPR-TRACIE, “highlight the need for healthcare organizations of all sizes and types to implement cybersecurity best practices and conduct robust planning and exercising for cyber incident response and consequence management.”

Enter the requirement for medical facilities to have a well-developed, fully tested, and always-actionable Emergency Operations Plan, or EOP. 

EOPs, as required by The Joint Commission, take an “all-hazards” approach to critical events varying in scale, duration, and cause. Accordingly, such plans encompass six crucial elements within the Joint Commission’s Emergency Management Standards. These include: 

–   Communications

–   Resources and Assets

–   Safety and Security

–   Staff Responsibilities

–   Utilities

–   Clinical Support Activities

With each of these key areas addressed in an EOP, healthcare facilities are better prepared to address all types of emergencies, including cyberattacks. And that’s a very good thing given such malicious activity is steadily on the rise (some believe as much as 55% from 2019 to 2020 and at a cost of $21 billion alone in 2020). Unfortunately, experts agree that pandemic modifications, such as telemedicine and remote work, will only continue to make matters worse. 

That said, if it’s been a while since your hospital or medical facility reviewed its EOP, or even considered the possibility of a cyberattack, now may be the time to do so. At BOLDplanning, a division of Agility, we encourage you to think outside the proverbial box of emergency operations planning and to involve multiple departments, especially IT, in your preparedness efforts. Doing so will help protect patient data, your organization’s quality of care, and even its reputation and the bottom line. 

Prepare for & Prevent a Cyberattack

Our cybersecurity checklist will help you check for any signs that may lead to a data breach or a cyberattack at your organization and outlines preventative measures to safeguard your operations.