Joint Commission issues cybersecurity Sentinel Event Alert

Aug. 15, 2023

On Aug. 15, The Joint Commission published a Sentinel Event Alert on preserving patient safety after a cyberattack.

The alert stated, “The number of cyberattacks and information system breaches in healthcare has grown steadily, escalating from isolated incidents to widespread targeted and malicious attacks. In 2022, 707 data breeches occurred, exposing more than 51.9 million patient records, according to data from the Department of Health and Human Services (DHHS).”

The alert explained that Princeton Community Hospital in West Virginia was a victim of a ransomware attack and how the organization handled the event due to its policies and procedures already in place. As ransomware attacks and cybersecurity incidents are a matter of if, not when.

The alert urged all staff, not just IT, being prepared. “Preparing for a cyberattack should not be a concern for the hospital IT staff alone; all hospital staff must be prepared to operate during a cyber emergency,” the alert stated.

Further, “Joint Commission Emergency Management (EM) Standard EM.11.01.01 requires a hospital to conduct a hazards vulnerability analysis (HVA) that includes human-caused hazards such as cyberattacks. The identification of cyberattacks as a prioritized hazard would provide a starting point for hospitals to identify and implement mitigation and preparedness actions to reduce the disruption of services and functions and assure patient safety.”

The alert then laid out recommended actions.

The Joint Commission has the alert.

Photo 170554520 | Business © Kseniia Kolesnikova | Dreamstime.com
ID 154742479 © Pop Nukoonrat | Dreamstime.com
Photo 284411646 | Ai Healthcare © Yuri Arcurs | Dreamstime.com
557322636 © 2ragon | stock.adobe.coom