Checklists for responding to a security crisis

EHR system
Responding effectively to a security crisis requires planning, leadership involvement and outside help.

Responding effectively to a security crisis requires planning, and an article at Hospitals & Health Networks provides checklists to guide that effort.

The article differentiates between a security incident, in which an authorized person gains access to one or more computers, networks or other assets, and a security crisis, in which an intrusion affects the organization’s ability to operate.

That crisis can affect confidentiality, such as a breach of patient-protected data; integrity, in which patient records may be altered; and/or availability of systems for regular business.

Webinar

Curating a Higher Level of Personalized Care: Digital Health + Mom

A long-term digital health strategy is needed to respond to the technology demands of the modern patient while thriving as an independent hospital in a fiercely competitive market. In this webinar, Overlake and one of its digital health partners, Wildflower Health, will discuss how Overlake has approached digital health and why it chose to focus early efforts on expectant moms within its patient population.

RELATED: Emergency prep: C-suite's role in a disaster

One of the first steps: Notify hospital leaders and board members who have the authority—and the budget—to respond, says the author, Chris Williams, chief cybersecurity architect at Leidos Health, a consulting firm based in Reston, Va.

He also outlines the skills, services and other resources that will be required, such as being prepared for a high-stress situation.

“While a cyber crisis is hardly the only emergency that can occur at a hospital, it is one of the few that involves an active adversary who may try to thwart recovery. Encourage your team to be ready. It’s going to happen,” he says.

RELATED: Editor's Corner: Double down on those EHR contingency plans

Ninety-five percent of hospitals responding to a survey by the Department of Health and Human Services’ Office of Inspector General had a written EHR contingency plan, and more than two-thirds addressed HIPAA requirements such as having a data backup plan and an emergency mode operations plan.

Suggested Articles

The VA launched the National Artificial Intelligence Institute to prioritize AI R&D to improve veterans' health and public health initiatives.

Tim Robinson took on the job of CEO of Nationwide Children's Hospital on the retirement of Steve Allen, M.D.

Americans a generally satisfied with their health plans, according to a new survey.