Q: We are updating our emergency preparedness plan. What is often overlooked?
A: Cybersecurity is a key aspect of an emergency preparedness plan that facilities often overlook. Two related areas of concern include data breaches and ransomware.
Data breaches jeopardize sensitive resident information, such as social security numbers or medical device facts. Ransomware is a type of breach that involves corrupting or encrypting sensitive data, withholding it until a facility pays a ransom amount. These breaches usually occur through phishing attacks, where someone within the organization clicks on an email with malicious links.
Such attacks can affect the nursing department in several ways. Leaked data enables a stranger to use a resident’s information to impersonate them. A resident entering a facility could use someone else’s information, such as social security or insurance data, to gain services they are not entitled to. Ransomware also can deprive a facility of vital technology, such as an electronic health record.
A preparedness plan should address how the facility will respond to a cyberattack, while continuing to provide care and services to the residents. Emergency preparedness planning should include how the facility will access medical information, such as medication and treatment administration records, care plans, and physician orders.
In the event of a data breach, the emergency plan should state how the facility will notify residents.
Cyberattacks are crises that healthcare facilities must confront. To ensure that facilities can navigate such threats, proactively plan for continuity of care. Facilities should also test their emergency preparedness plans to ensure they address the evolving threat landscape.
From the July/August 2024 Issue of McKnight's Long-Term Care News
