With the first patient death directly tied to a cyberattack in Germany and other recent high-profile cyberattacks on healthcare organizations in the United States, health IT leaders are doubling down on security efforts and downtime procedures.
It’s not a matter of if, but when.
According to a recent HCPro Revenue Cycle Advisor article “Recent Cyberattacks Highlight Importance of Downtime Procedures,” healthcare organizations must be well prepared in advance of an incident occurring. Hospitals should continue to function effectively when reverting to manual procedures during unplanned downtime or network disruption.
“It’s a matter of, what data do you have about the people on the floor?” says Mike Caplenor, Director of Client Security Assurance at CereCore. “Because the people on the floor are impacted—and that patient especially in the ICU—so you need to understand their relevant information.”
Takeaways for Plan B
Although The Joint Commission requires hospitals to implement manual procedures during unplanned downtime, there’s a big difference between having a plan and being able to implement where patient treatment continues uninterrupted. Experts in the article had these takeaways to offer:
- It is important for hospitals to have an offline or air-gapped solution that gives practitioners access to patient fact sheets, which contain necessary information such as current medical condition, level of functioning, medical history, prior hospitalizations, and medications.
- Many organizations are moving to cloud-based solutions for a reliable back-up electronic health record. “There are processes out there that try to query and pull data from the electronic health record and keep it live and generate a report so the floors can work them down,” Caplenor said. “And eventually they transition to paper record. They have to keep that record, and the big part is once they recover their environments, they have to put all that documentation back into the system.”
- Most IT and security professionals know exactly what needs to be done. But there are distractions and often not enough time and resources to cover what’s both urgent and important.
- The importance of staff training cannot be overstated.
- Organizations do not always include all the right personnel in training, nor revisit the plan often enough.
Download the article pdf for additional resources on downtime protocols at healthcare institutions.