By Yolanda Sims, JD, MHA
Loss Prevention and Risk Management Advisor

The growing number of cyberattacks in healthcare continues to rise, as does the concern for patient safety. A Chicago children’s hospital recently took its networks offline as a part of its response to a cybersecurity attack. The attack is a stark reminder of the real-world consequences impacting patient safety and underscores the importance of developing, adhering to, and practicing a cyber emergency plan.

Examples of Impacts of a February Cyberattack on a Chicago Children’s Hospital

From a February 5, 2024, Associated Press article.

1) The facility created a separate call center for patients to get prescriptions refilled or ask non-urgent questions about care or appointments.

2) A 9-year-old who receives regular infusions of medication for a rare autoimmune disease had an extended appointment, about 30 minutes longer than usual. The clinical staff quickly adapted, kept records on paper, and texted her doctor for medical management.

3) A family anxiously awaited an update after learning their 7-month-old’s heart surgery was delayed, a procedure doctors had planned for since her birth. After a delay of a few hours, the surgeon was not comfortable going forward while the hospital tried to respond to the attack.

“Preserving Patient Safety After a Cyberattack” Joint Commission Alert

To help healthcare organizations take action to protect themselves against cyber interruptions, The Joint Commission issued a new Sentinel Event Alert, “Preserving patient safety after a cyberattack.”

Recommendations to Providers on Creating an Emergency Cyber Plan

• Evaluate hazards vulnerability analysis (HVA) findings and prioritize hospital services that must be kept operational and safe during an extended downtown.

• Form a downtime planning committee to develop preparedness actions and mitigations, with representation from all stakeholders. 

• Develop and regularly update downtime plans, procedures, and resources to support clinical decision-making.

• Designate response teams. Create an interdisciplinary team to mobilize during unanticipated downtime events. 

• Train team leaders, their respective teams, and all staff on how to operate during downtimes, including specific incidents that would cause downtime to go into effect, e.g., tabletop exercises.

• Establish situational awareness with effective communication throughout the organization and with patients and families. 

• After an attack, regroup, evaluate, and make necessary improvements. Take steps to recover and protect systems. 

CODE DARK – An Action Plan for Cyber Disruptions to Healthcare Delivery

Response and recovery time after a cyberattack is crucial. Hospitals and clinics need a plan of action to use when a cyberattack disrupts medical services to patients. An April 2023 article from Healthcare Innovation discusses a presentation by Nate Lesser, vice president and chief information security officer for Washington D.C.-based Children’s Nation Hospital. In his presentation, “Code Dark: Finding Force Multipliers in Hospital Cybersecurity,” Lesser recommended that facilities incorporate a CODE DARK into their response plan.

He noted hospitals have codes for active shooters, hurricanes, and other emergency incidents. CODE DARK is a code that will be called when a facility is actively combatting a cyberattack.

The DARK in CODE DARK stands for:

• D – Disconnect your workstation and internet-connected devices.
• A – Await instructions from your IT department before reconnecting computers.
• R – Report to your managers for department-specific downtime actions.
• K – Know and follow your department’s emergency policies and procedures.

To prevent disruption to patient care, everyone must play their part. Coordination and collaboration must occur across the entire work staff, be it a large regional health system or a small-town practice. Everyone plays a vital role. After a cyber attack, the focus should be on the response and recovery process and ensuring patient safety.

Questions? We’ve Got You Covered.

For additional cybersecurity resources, please navigate to the Cyber Risk Management Resource page on the KAMMCO website. There, you’ll find instructions on registering for the Breach Solutions website. Should you need additional assistance, contact Yolanda Sims at ysims@kammco.com or 1-800-232-2259.

Upcoming Webinar to Discuss Cyber Trends in Healthcare

Join us via Zoom at noon on Tuesday, May 7, for 2024 Healthcare Cyber Security Trends and Tips. Henri-Errol Smith, claims manager in the Beazley cyber and tech division, zeroes in on the cyber challenges poised to impact healthcare providers in 2024. Henri-Errol brings his experience and frontline insights into the cyber and tech landscape to offer actional strategies to navigate digital hazards.