Printer Friendly, PDF & Email

Considerations for incident response: What changes during a national healthcare disaster?

Marti Arvin ( is Executive Advisor, CynergisTek, Austin, TX.

Most healthcare organizations perform drills for a variety of situations. It might be an airplane crash at the local airport, a hurricane or tornado hitting the local community, a major fire or earthquake, or a cyberincident, but those are all relatively local incidents. While healthcare organizations in the affected area may have issues, they can generally rely on the support of other nearby facilities. The preparation is not the same when the entire country is hit with the disaster.

Incident response is still something healthcare organizations must be prepared for even in the middle of dealing with a national crisis such as the COVID-19 pandemic. While the Department of Health & Human Services Office for Civil Rights has published its willingness to exercise enforcement discretion in a number of areas (e.g., telehealth),[1] it has not provided any indication that organizations can be lax in their incident response or breach notification. Many organizations have policies and procedures in place to detect, respond, and recover from an incident. A national emergency does not change this obligation, but the method of doing these steps may change when the entire organization is dealing with a crisis like the COVID-19 pandemic.

Healthcare organizations need to consider what changes they need to anticipate in their incident response when the assumptions they made for a local disaster are no longer valid. This article will focus on the response to a cyberincident, but some of the discussion will be relevant for other types of incidents as well. Prior to a national disaster like the current crisis, most organizations prepared to respond to a cyberincident by having an on-site command center. They may have also put in place a good vendor support structure. Ideally, the organization had strong tools in place to detect an incident and a methodology to assess if the incident resulted in a breach. But a number of these processes might need to be changed in a national emergency.

This document is only available to members. Please log in or become a member.