
Joint Commission issues Guidelines for Dealing With a Cyberattack

Analysis | By Eric Wicklund | August 16, 2023

The Sentinel Event Alert, titled "Preserving Patient Safety After a Cyberattack," informs health system leadership on how to react once an attack has been detected.

With healthcare cyberattacks on the rise, the Joint Commission has issued guidance for health system executives on how to react once a data breach has been detected.

The Sentinel Event Alert, titled "Preserving Patient Safety After a Cyberattack," lists a number of steps that health system leadership should take to ensure that patient care is safe. One of the most important recommendations is that leadership include all hospital staff in the process, not just IT staff.


“Cyberattacks cause a variety of care disruptions – leading to patient harm and severe financial repercussions,” David W. Baker, MD, MPH, FACP, the Joint Commission's executive vice president for healthcare quality evaluation and improvement, said in a press release. “Taking action now can help prepare healthcare organizations to deliver safe patient care in the event of future cyberattacks. The recommendations in the Sentinel Event Alert, as well as The Joint Commission’s related requirements on establishing and following a continuity of operations plan, disaster recovery plan and more, can help healthcare organizations successfully respond to a cyber emergency.”

The recommendations include:

  • Evaluate hazards vulnerability analysis (HVA) findings and prioritize hospital services that must be kept operational and safe during an extended downtime.
  • Form a downtime planning committee to develop preparedness actions and mitigations, with representation from all stakeholders.
  • Develop and regularly update downtime plans, procedures and resources.
  • Designate response teams. Create an interdisciplinary team to mobilize during unanticipated downtime events.
  • Train team leaders, their respective teams and all staff on how to operate during downtimes, including specific incidents that would cause downtime to go into effect.
  • Establish situational awareness with effective communication throughout the organization and with patients and families.
  • After an attack, regroup, evaluate and make necessary improvements. Take steps to recover and protect systems.

Eric Wicklund is the associate content manager and senior editor for Innovation, Technology, Telehealth, Supply Chain and Pharma for HealthLeaders.


Healthcare cyberattacks are on the upswing, both in number and complexity, putting patient data and patient care in jeopardy.

Healthcare leaders need to have a plan in place not only to prevent these attacks, but to protect and ensure patient care once an attack has occurred.

The Joint Commission has issued a list of recommendations for health systems in the event of a cyberattack, including stressing that the entire health system be included in the preparations, not just the IT staff.
