Joint Commission Issues Guidelines for Dealing With a Cyberattack

By Eric Wicklund

With healthcare cyberattacks on the rise, the Joint Commission has issued guidance for health system executives on how to react once a data breach has been detected.

The Sentinel Event Alert, titled Preserving Patient Safety After a Cyberattack, lists a number of steps that health system leadership should take to ensure that patient care is safe. One of those most important recommendations is that leadership include all hospital staff in the process, not just IT staff.

“Cyberattacks cause a variety of care disruptions – leading to patient harm and severe financial repercussions,” David W. Baker, MD, MPH, FACP, the Joint Commission’s executive vice president for healthcare quality evaluation and improvement, said in a press release. “Taking action now can help prepare healthcare organizations to deliver safe patient care in the event of future cyberattacks. The recommendations in the Sentinel Event Alert, as well as The Joint Commission’s related requirements on establishing and following a continuity of operations plan, disaster recovery plan and more, can help healthcare organizations successfully respond to a cyber emergency.”

The recommendations include:

  • Evaluate hazards vulnerability analysis (HVA) findings and prioritize hospital services that must be kept operational and safe during an extended downtown.
  • Form a downtime planning committee to develop preparedness actions and mitigations, with representation from all stakeholders.
  • Develop and regularly update downtime plans, procedures and resources.
  • Designate response teams. Create an interdisciplinary team to mobilize during unanticipated downtime events.
  • Train team leaders, their respective teams and all staff on how to operate during downtimes, including specific incidents that would cause downtime to go into effect.
  • Establish situational awareness with effective communication throughout the organization and with patients and families.
  • After an attack, regroup, evaluate and make necessary improvements. Take steps to recover and protect systems.

Eric Wicklund is the associate content manager and senior editor for Innovation, Technology, Telehealth, Supply Chain and Pharma for HealthLeaders.