On Aug. 15, The Joint Commission published a Sentinel Event Alert on preserving patient safety after a cyberattack.
The alert stated, “The number of cyberattacks and information system breaches in healthcare has grown steadily, escalating from isolated incidents to widespread targeted and malicious attacks. In 2022, 707 data breeches occurred, exposing more than 51.9 million patient records, according to data from the Department of Health and Human Services (DHHS).”
The alert explained that Princeton Community Hospital in West Virginia was a victim of a ransomware attack and how the organization handled the event due to its policies and procedures already in place. As ransomware attacks and cybersecurity incidents are a matter of if, not when.
The alert urged all staff, not just IT, being prepared. “Preparing for a cyberattack should not be a concern for the hospital IT staff alone; all hospital staff must be prepared to operate during a cyber emergency,” the alert stated.
Further, “Joint Commission Emergency Management (EM) Standard EM.11.01.01 requires a hospital to conduct a hazards vulnerability analysis (HVA) that includes human-caused hazards such as cyberattacks. The identification of cyberattacks as a prioritized hazard would provide a starting point for hospitals to identify and implement mitigation and preparedness actions to reduce the disruption of services and functions and assure patient safety.”
The alert then laid out recommended actions.
