Just as a Southeastern U.S. blood center tries to recover from another cyberattack on a health system, others who have lived through the pain offered some words of wisdom in a webinar Tuesday that could help providers minimize disruption as well as insured and uninsured losses.
For starters, organizations must train employees on how to respond to a cyberattack, so staff will know exactly what to do when computer systems shut down, said Nio Queiro, interim chief revenue officer at Nashville General Hospital.
“You always have to have a Plan B, but we also are really focused on having downtime procedures,” Queiro said in the webinar that was hosted by Becker’s Healthcare, a health industry news site. “We’ve intentionally done drills to practice our downtime procedures.”
Queiro’s hospital, like facilities all across the country, felt the impact from the April computer attack on Change Healthcare, part of UnitedHealth Group’s Optum health business. It was considered a major incident, part of a growing trend of attacks on health care systems worldwide, Becker’s Erika Spicer Mason said. More recently, an Orlando-based blood donation center, OneBlood, in late July had its computers disabled by a ransomware hack.
“We need to be more ready,” said Laura Aylward, chief strategy and marketing officer for CarePayment, a patient billing finance firm. Hospitals and their networks must act like public utilities, ready to restore operations as soon as the storm has passed, she added.
Table-top planning exercises can’t just hit the highlights, but must get into the tiniest details of what to do after a strike, said Chris Thomas, chief revenue officer and president at Texas Children’s Hospital.
Part of being ready in the age of cyber crime also means being prepared to use old-school paper records and phone systems when emails and computer-network communication systems go dark, panelists said. Organizations should have actual “black books” or Rolodexes with all staff, vendor and patient contact information at their fingertips.
And paper records must be well organized and stored in easily accessible but safe areas.
“Scanning and indexing is not the topic that gets everyone’s hearts racing, but I don’t know if there’s a more important pinch point in business recovery,” Thomas said.
Billing must continue, panelists said. After one attack, CarePayment was able to quickly put all patients for one system on a payment plan, to ease patients’ concerns about missing a bill and to keep revenue coming in, Aylward said.
Health systems should also have alternative vendors on standby. If one vendor is disabled, another should be ready to carry the torch. Conversely, hospitals may help stricken vendors and others by using their own call centers or staff to help vendors communicate with patients and customers.
Leadership must regularly discuss ways to improve resiliency and communications, Queiro said.
“The war room keeps going,” she said.
And once a cyber incident is known, it’s vitally important to communicate with patients and with the news media to keep them abreast of complications and recovery, panelists said.
CrowdStrike Outage Insured Losses
Related: Cyber Resilience Lessons from the CrowdStrike Outage
Podcast: Rising Cyber Threats: Nation-State Actors Targeting Critical Infrastructure
Was this article valuable?
Here are more articles you may enjoy.