
Episode 7: After an Attack

Cybersecurity for the Clinician

0.25 Credit

This “Cybersecurity for the Clinician” video training series, totaling 47 minutes across eight videos, explains in easy, non-technical language what clinicians and students in the medical profession need to understand about how cyber attacks can affect clinical operations and patient safety, and how to do your part to help keep health care data, systems and patients safe from cyber threats. Episode 7: After an Attack discusses the teams that take action after a cyber attack occurs, the steps that are carried out, areas to prioritize, and how cyber attacks are documented and reported.


Video Transcript

[00:00:00] Christian Dameff, MD: Hi, I'm Dr Christian Dameff, emergency medicine physician and medical director for cybersecurity. In the past seven episodes, you've heard of all the ways that cyberattacks can happen, how malicious hackers do it, and why. And how you can help do your part to prevent them from happening. But there's a saying in cybersecurity circles, it's not if a cyberattack is going to happen, but when.

[00:00:29] When it comes to cyberattacks, there are many decisions that shouldn't be made in the heat of the moment. That means you need to prepare before the attack comes to your organization. How are you going to continue to care for patients if medical devices don't work? If you can't access the electronic medical record, or scheduling, or lab data?

[00:00:48] If your organization has professionals trained in emergency management, work with them to review, update, or even develop cyber attack contingency plans. If emergency management is not available, form a committee or a group to do this important planning work yourself. Successful teams bring together people from different parts of the enterprise and draw on expertise from the clinical, technical, administrative, human resources, and legal stakeholders of your health care organization.

[00:01:17] Once plans are developed, it is important to test them. Regular drills across clinical environments and workflows can help you refine your procedures and ultimately reduce the impact cyberattacks will have on the care of your patients.

[00:01:31] What happens if my health care organization is attacked and systems go down?

[00:01:36] This video is not going to walk you through all the downtime procedures you need to perform, but we will get you to think about fundamental steps and capabilities and know the right questions to ask both before and during downtime. During a downtime situation, here are some of the basics you need to know.

[00:01:54] One, how to find all the patients in care areas you're responsible for. Two, how to identify patients at risk for harm from the downtime and increase their monitoring. Three, how to report patient safety concerns or adverse events. Four, how to use downtime documentation. Five, how to manually view diagnostic results and patient documentation. Six, how to safely admit, discharge, and follow up patients.

[00:02:23] During the attack, your organization is likely to have two different teams leading the response. Emergency management, in coordination with senior leadership, should launch a command center and deal with things like communications, human resources, and regional coordination.

[00:02:39] Your technical teams will launch incident response to get to the bottom of the attack, stop its spread, and begin to restore systems. One of the first things that should occur is effective communication of the attack to those responsible for caring for patients. Areas such as the intensive care units, emergency departments, perioperative spaces, and key services such as trauma, stroke, and cardiac care should be prioritized.

[00:03:06] Simultaneously, each part of the organization should implement its cyber attack plan or standard downtime procedures if no specific plan exists. If the organization is unable to care safely for patients, they should be diverted to other hospitals or clinics until these systems can be restored. You may be part of a larger process, and it's useful to know the many considerations facing your response teams and workflow.

[00:03:33] For example, a few key management concerns include: Who is coordinating between incident response and the command center? What public statements will be made, if any? Who is responsible for making these statements? Will we report this to the government? And if so, when do we report it? Will we be penalized?

[00:03:53] Should law enforcement be contacted for assistance? And in the case of ransomware, what is the organization's policy on paying the ransom? Are we covered by cyber insurance? Once incident response procedures have been established, it is important to test them. We also have to think about basic documentation during a downtime.

[00:04:13] This cannot be done because the electronic medical record is down. Patient safety and continuity of care may suffer as critical information about the care processes will be lost. It is critical to practice how to chart manually and record data so it can be input back into the electronic medical record when systems are restored.

[00:04:32] This will also lessen the financial impact of the attack through lost billing revenue after systems are restored. Downtime also includes improvising. There will always be situations that require us to improvise and think quickly to develop solutions. For example, think of dose calculations during a downtime.

[00:04:52] Knowing what doses to give patients is an incredibly critical function. Preparing ahead of time with offline medical resources can help reduce medical errors. It's human nature not to know everything about what to do during an event. It's also human nature to forget procedures you learned in training.

[00:05:10] It takes a lot of experience and a lot of practice to build that muscle memory. Stay with us. In our final episode, we'll review the material we've learned thus far.

Video Information

Disclosure Statement: Unless noted, all individuals in control of content reported no relevant financial relationships.

If applicable, all relevant financial relationships have been mitigated.

Participation Statement: Upon completion of this activity, learners will receive a Participation Certificate.

