The Joint Commission issues Sentinel Event Alert on patient safety after a cyberattack

Editor's Note

The Joint Commission, on August 15, issued “Sentinel Event Alert 67: Preserving patient safety after a cyberattack.”

The Alert focuses on risks associated with cyberattacks and provides recommendations on how healthcare organizations can deliver safe patient care if a cyberattack occurs.

Actions suggested by The Joint Commission include:

• Conduct and evaluate a hazards vulnerability analysis and prioritize services that must be kept operational and safe for an extended downtime.
• Form a downtime planning committee, with representation from all stakeholders, to develop preparedness actions and mitigations.
• Develop downtime plans, procedures, and resources to keep patients safe and to maintain hospital operations after a cyberattack.
• Designate response teams to mobilize an organizational response to unanticipated downtime events, including evaluating the severity of the cyberattack, deciding whether to take the organization into full downtime mode, directing staff to take steps to ensure patient safety, and communicating with organizational leadership.
• Train team leaders, teams, and all staff on how to operate during downtimes and about the kinds of incidents that would cause a downtime to go into effect.
• Establish situational awareness with effective communication throughout the organization and with patients and families about which systems are affected and what is being done to address the situation.
• After a cyberattack, an organization must take steps to recover and protect systems, replace compromised hardware and software as necessary, and adapt systems to the new needs and requirements revealed by the attack.