It’s critical for hospitals and other firms to not only prepare for how they will respond to a cyberattack, but also consider the regional impact if a neighboring provider of services needed in the community is disrupted by a serious cyber incident, said Margie Zuk of Mitre.
For example, hospitals may have to unexpectedly care for patients suddenly diverted to their emergency departments and facilities when healthcare services at a neighboring institution have been disrupted by ransomware. “There is patient safety impact,” Zuk said in an interview conducted at the Healthcare Information and Management Systems Society 2024 conference in Orlando, Florida.
“Thinking about regional resiliency in addition to resiliency at your own hospital is critical. It’s very important that these relationships are established in a region, and when a cyberattack happens, regional partners are informed so they know what to expect,” she said.
“There need to be regional partnerships in dealing with these attacks. There needs to be an understanding of the whole end-to-end healthcare ecosystem.”
In the interview (see audio link below photo), Zuk also discusses:
- Preparing for ransomware and other disruptive cyberattacks, including the impact on upstream and downstream partners;
- The importance of rehearsing incident response for regional resiliency;
- The difficulties involved in transitioning from manual processes back to automated digital processes following an attack that disrupts IT systems for a length of time.
Zuk has more than 35 years of cybersecurity experience. She leads cyber engagement for healthcare in the Cyber Solutions Technical Center, where she oversees Mitre’s support to the U.S. Food and Drug Administration’s Center for Devices and Radiological Health on medical device cybersecurity preparedness and response.