IHA Emergency Preparedness Exercise

August 27, 2019

MEMORANDUM

IHA Emergency Preparedness Exercise Addresses Cyber Threats

Healthcare is a top target of cyberattacks and ransomware, costing the average healthcare organization over $1 million in recovery efforts and compromising protected patient information. With such attacks on the rise, the 2019 IHA Emergency Preparedness Exercise will help fortify hospital and health system cyber preparedness.

We encourage your frontline staff and administrators to participate in this year’s exercise, an interactive live webinar on November 6 from 10 a.m. to 1:30 p.m. The exercise is a valuable opportunity to work through maintaining an effective care environment despite significant impact on your facility’s infrastructure. (Please see our flyer.)

Participating in IHA’s exercise also helps meet a requirement of the Centers for Medicare & Medicaid Services that hospitals demonstrate completion of two preparedness exercises per year. In addition, HIPAA compliance requires protection of digital information.

Exercise objectives are:

  1. Assess hospital cybersecurity plans that include hospital response to a ransomware, malware, phishing scams, and other potential cyberattacks or data breach. (Cybersecurity)
  2. Evaluate the hospital’s ability to recover from a cyber incident and resume normal operations and infrastructure. (Operational Coordination)
  3. Evaluate the healthcare facility’s ability to maintain clinical operations during a cyber-event impacting patient care equipment and resources. (Public Health and Medical Services)
  4. Identify alternate strategies to maintain intra-hospital, as well as inter-hospital communication throughout the incident. (Operational Communication)
  5. Assess the hospital’s ability to maintain positive brand image through media relations. (Public Information and Warning)
  6. Evaluate the healthcare facility’s ability to provide the Health Information Management Team with decision-relevant information to appropriately respond to the situation as well as any cascading effects. (Situational Assessment)
  7. Ensure healthcare facilities are able to return to routine operations in compliance with current continuity of operations or business continuity plans and policies. (Economic Recovery)
  8. Evaluate the hospital’s ability to successfully evacuate patients during a cyber incident. (Public Health and Medical Services)

The final exercise objective pertains to hospitals and health systems that choose to participate in an inject track on evacuating your facility and managing functional needs populations, including pediatric patients. We encourage you to maximize this opportunity to test your plans for both.

At IHA, we know that hospitals are targets to cyberattacks, and we understand the challenges involved in planning a large-scale evacuation with vulnerable populations. We also know that our annual exercise has become a critical piece of hospital and health system emergency preparedness efforts.

Last year’s exercise on an active threat incident reflected the unfortunate reality of mass shootings and violence occurring in hospitals. With cybersecurity just as timely of a topic, we’re confident your organization will benefit from this year’s exercise. Please share this registration link with your staff.

Please note that member pricing is based on authorized beds. Pricing information is available on our registration page. Systems that wish to enroll multiple hospitals can do so through the online registration system. Customization of the exercise is available for system and regional coalitions to meet your specific needs.