Joint Commission Issues Alert on Patient Safety After a Cyber-Attack
Thursday, September 7, 2023
Patient Safety Cyberattack
Print Mail Download i

On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,” which provides “tips on what organizations can do to prepare to deliver safe patient care in the event of a cyberattack.”

The Alert outlines the growth of cyber-attacks and information system breaches in the health care industry and how they have increased over the past several years. Some cyber-attacks, including ransomware attacks, have been reported to the Joint Commission, which noted that “[s]ome of these events were associated with harm to patients (e.g., delays in care).”

The Alert notes that “all staff-not only IT-must be prepared” for a cyber-attack so the organization can operate during a cyber emergency. In addition to implementing continuity of operations plans and disaster recovery plans, hospitals “must annually evaluate their emergency management program.” The actions suggested by The Joint Commission include:

  1. Prioritize hospital services that much be kept operational and safe for an extended downtime.
  2. Form a downtime planning committee.
  3. Develop downtime plans, procedures, and resources.
  4. Designate response teams.
  5. Train team leaders, teams, and all staff on how to operate during downtimes.
  6. Establish situational awareness with effective communication throughout the organization with patients and families.
  7. After an attack, regroup, evaluate, and make necessary improvements.

Many of the items suggested by The Joint Commission may be included in an organization’s Incident Response Plan, but specifically planning for downtime and lack of access to systems during an emergency is not always included. Planning for downtime and pivoting during an attack is critical to being able to respond to a cyber emergency and continue to operate and provide patient care. Reviewing existing plans and procedures to specifically address downtime and prioritizing the operational areas that involve critical patient care is necessary to avert delays in patient care in the event of a cyber-attack.

Copyright © 2024 Robinson & Cole LLP. All rights reserved.

Current Legal Analysis

More from Robinson & Cole LLP

Department of Justice Criminal Division Announces Voluntary Self-Disclosure Pilot Program for Culpable Individuals
by: David E. Carney , Danielle H. Tangorre
FTC Votes to Finalize Rule Banning Non-Compete Agreements Nationwide
by: Ian T. Clarke-Fisher , Trevor L. Bradley
Cisco Releases Updates to Vulnerabilities in Firewall Platforms
by: Linn F. Freedman
USPTO Issues Guidance on Use of AI Based Tools
by: Daniel J. Lass
California Trap & Trace Class Actions on the Rise in the Age of Website Trackers
by: Kathryn M. Rattigan
Aid Package Signed by President Biden Includes Divestiture of TikTok Requirement
by: Linn F. Freedman
Privacy Tip #395 – GM Faces Class Action for Collecting + Disclosing Drivers’ Data Without Consent
by: Linn F. Freedman
AI, Government Contractors, and Employment Discrimination
by: Data Privacy & Cybersecurity Robinson Cole
Chicago’s Application of Parking Regulations Violates RLUIPA
by: Eden (Hunter) Yerby
The Department of Education Releases Significant Revisions to Title IX Regulations
by: Kathleen E. Dion , Seth B. Orkand

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins