OR Manager November/December 2021 - 28

Technology
Continued from page 27
International Medical Device Regulators
Forum published a detailed manual
titled " Principles and Practices for
Medical Device Cybersecurity. " The
document recognizes that cybersecurity
is the responsibility of many
stakeholders-including hospitals.
port also lists several actions that leadership
can take to prepare for and prevent
cybersecurity events (sidebar, The
Joint Commission's " Quick Safety " ).
It is critical for hospitals to be ready
for
IoMT cybersecurity challenges to
address patient safety, protection of
finances, and meet future accreditation
standards.
Quick Safety: The Joint Commission's report
on organization-wide cybersecurity
The " human firewall " concept, as described
by The Joint Commission's Quick Safety
report, is where all staff at the organization
work together to help prevent cybersecurity
attacks in a " top-down organizational
approach. " The report breaks down
The Joint Commission's recommended
safety actions into four categories: leadership,
staff education/training, emergency
management, and IT resources.
Some of the recommended actions include:
➤ Create a culture of cybersecurity that
is top-down;
➤ Make sensitivity to cyberthreats part of
the organization's daily workflow;
➤ Recognize that cybersecurity threats
are always evolving, and threats are
organization-wide;
➤ Teach cybersecurity awareness and
The Centers for Medicare and Medicaid
Services (CMS) and its accreditation
organizations do not yet include requirements
for networked device cybersecurity.
The Office of Inspector General put
forth a new recommendation in June
2021 for CMS to see to this discrepancy
and present a plan for addressing
cybersecurity for quality oversight of
hospitals.
In October 2021, The Joint Commission
issued the " Organization-wide cybersecurity:
Creating a culture of defense "
report,
Reference
The Joint Commission. Quick Safety 62.
Organization-wide cybersecurity:
Creating a culture of defense. October
2021. https://www.jointcommission.
org/resources/news-and-multimedia/
newsletters/newsletters/quick-safety/
quick-safety-issue-62/.
Where can perioperative leaders
begin when trying to facilitate greater
patient safety through cybersecurity
measures? The following tips are
gleaned from several sources, including
Bruemmer's presentation at the OR
Business Management Conference in
September 2021:
* Start with an assessment and list of
all programs and connected devices;
* Assess each one on a standardized
risk scale-there are many of them
readily available;
in which it encourages
the " human firewall " concept. The re28
OR
Manager | Nov/Dec 2021
* Collaboratively decide what the organization's
minimum standards are;
* Decide how to intelligently monitor
those devices that do not meet the
agreed on minimum standards;
* Integrate cybersecurity risk measurements
into procurement processes;
* Re-evaluate over time, because
device security can " drift " as it becomes
older and not as supported;
* Establish monthly standardized reporting
and accountability within your
organization.
vulnerabilities at all levels of the
organization;
➤ Recognize cybersecurity as part of
patient care;
➤ Designate a chief information security
officer, accountable for coordinating
these efforts;
➤ Develop a robust business continuity
plan that can bring the organization
back to an operational level in a timely
fashion.
These steps will not happen overnight,
and one person alone will not
successfully put them in place. But
every step taken by leadership to make
their facilities more secure is a step in
the right direction. Collaborative work on
cybersecurity is a step towards making
patients safer in your care. ✥
-Karen Stockdale, MBA, BSN, RN
References
Bischoff P. Ransomware Attacks on
US Healthcare Organizations Cost
$20.8Bn in 2020. Updated March
10, 2021. Comparitech. https://
www.comparitech.com/blog/
information-security/ransomwareattacks-hospitals-data/#How_
much_did_these_ransomware_attacks_cost_healthcare_organizations_in_2020.
Bruemmer
D. Mayo Clinic cybersecurity
resilience program. OR Business
Management Conference. 2021.
https://www.orbusinessmanagementconference.com/speakers/.
Ponemon
Institute. The impact of
ransomware on healthcare during
COVID-19 and beyond. September
2021. https://www.censinet.com/
ponemon-report-covid-impact-ransomware/.
Cimpanu
C. First death reported following
a ransomware attack on a German
hospital. ZDNet. September
17, 2020. https://www.zdnet.com/
article/first-death-reported-followinga-ransomware-attack-on-a-germanhospital/.
Continued
on page 31
www.ormanager.com

https://www.comparitech.com/blog/information-security/ransomware-attacks-hospitals-data/#How_much_did_these_ransomware_attacks_cost_healthcare_organizations_in_2020 https://www.jointcommission.org/resources/news-and-multimedia/newsletters/newsletters/quick-safety/quick-safety-issue-62 https://www.orbusinessmanagementconference.com/speakers https://www.censinet.com/ponemon-report-covid-impact-ransomware https://www.zdnet.com/article/first-death-reported-following-a-ransomware-attack-on-a-german-hospital http://www.ormanager.com

OR Manager November/December 2021

Table of Contents for the Digital Edition of OR Manager November/December 2021