Checklists for responding to a security crisis

Responding effectively to a security crisis requires planning, leadership involvement and outside help.

Responding effectively to a security crisis requires planning, and an article at Hospitals & Health Networks provides checklists to guide that effort.

The article differentiates between a security incident, in which an unauthorized person gains access to one or more computers, networks or other assets, and a security crisis, in which an intrusion affects the organization’s ability to operate.

That crisis can affect confidentiality, such as a breach of patient-protected data; integrity, in which patient records may be altered; and/or availability of systems for regular business.

One of the first steps: Notify hospital leaders and board members who have the authority—and the budget—to respond, says the author, Chris Williams, chief cybersecurity architect at Leidos Health, a consulting firm based in Reston, Va.

He also outlines the skills, services and other resources that will be required, such as being prepared for a high-stress situation.

“While a cyber crisis is hardly the only emergency that can occur at a hospital, it is one of the few that involves an active adversary who may try to thwart recovery. Encourage your team to be ready. It’s going to happen,” he says.

Ninety-five percent of hospitals responding to a survey by the Department of Health and Human Services’ Office of Inspector General had a written EHR contingency plan, and more than two-thirds addressed HIPAA requirements such as having a data backup plan and an emergency mode operations plan.
