What's Happening?
The Joint Commission and the American Hospital Association have introduced the Cyber Resilience Readiness (CRR) program to help healthcare systems maintain operations during extended cyber outages. This initiative emphasizes the need for hospitals to deliver
safe patient care for 30 days or longer without relying on core technology systems. The program includes a self-assessment tool that evaluates a hospital's ability to provide care if technology fails, focusing on integrating clinical, business, emergency management, and disaster recovery operations. The assessment also highlights the importance of board involvement in cybersecurity discussions and the necessity of realistic downtime plans that are tested across all shifts and service lines.
Why It's Important?
The introduction of the CRR program is crucial as healthcare systems face increasing cybersecurity threats, with data breaches costing an average of $7.42 million. The program aims to mitigate these risks by ensuring hospitals can continue operations during cyber incidents, thus protecting patient safety and maintaining revenue streams. By encouraging collaboration among different departments and involving boards in cybersecurity planning, the program seeks to enhance overall resilience. This is particularly important as healthcare organizations rely heavily on technology, making them vulnerable to disruptions that can impact patient care and financial stability.
What's Next?
Healthcare CIOs are encouraged to use the CRR program's findings to develop robust business continuity plans that extend beyond short-term solutions. This includes conducting tabletop exercises for manual operations and focusing on a disaster recovery minimum viable product (MVP) that prioritizes critical systems. By doing so, hospitals can ensure they are prepared for prolonged cyber incidents, maintaining essential operations and patient care. The program's success will depend on the proactive engagement of healthcare leaders in assessing and improving their cyber resilience strategies.
