Oct 10 2022

Why Healthcare Organizations Must Focus on Building Resilience Before a Crisis

As healthcare organizations look to improve their IT resilience, they should consider three key areas.

When the COVID-19 pandemic first hit the U.S., healthcare organizations were forced to adapt and move at a speed that most had not previously experienced. Solutions that would have taken years to deploy were fast-tracked in weeks or even days. Telehealth and remote work were no longer nice to have; they were now a must to meet the public health emergency.

At Hackensack Meridian Health, headquartered in Edison, N.J., nondirect patient care staff began working from home in March 2020. CIO and CTO Mark Eimer says the technology the health network had didn’t work well for remote work, so the IT department adapted on the fly. 

“We basically used an agile methodology approach where we would try it, and if it didn’t work, we’d pivot and move on to something else,” Eimer says. 

Click the banner for access to exclusive HealthTech content and a customized experience.

Eimer and many healthcare IT leaders across the country showed great resilience during the pandemic. The steps taken should be examined and built upon so that health systems can be proactive should more crises arrive, whether in the form of a pandemic surge, a cyberattack or a catastrophic weather event.

As healthcare organizations look to improve their IT resilience, they should invest in critical support for their team members, conduct regular tabletop exercises and penetration testing, and develop key partnerships to complement their strategies.

READ MORE: How do you fight against alert fatigue in healthcare cybersecurity? 

Foster Your Healthcare IT Team

A resilient healthcare organization has teams working together to support each other and take action in tough times. Leaders who can delegate, recognize talent among team members and foster trust across departments will help improve resilience throughout the organization.

“Don’t underestimate the impact you have on people and how they respond to the needs of the team and the organization,” Paul J. Williams, associate vice president of information services infrastructure technology at Penn Medicine, writes in a column for Healthcare IT News.

Strong leadership is not about being the only person at the helm, exhausted and alone. Effective leaders know how to share responsibilities with their team members to create a collaborative ecosystem for action.

DISCOVER: How to use ServiceNow tools to drive digital transformation in healthcare.

Always Stay Prepared in Case of Emergencies 

Tabletop exercises and penetration testing are active drills that healthcare organizations can use to stay nimble in the face of cyberthreats. Tabletop exercises bring clarity to the responsibilities and roles needed in an emergency setting. Penetration testing assesses and evaluates how effective an organization’s security controls are.

“Tabletop exercises should result in action plans for continuous improvement of the emergency plan. A written evaluation of an exercise provides a guideline for what went well and what areas need attention, and should categorize outcomes by people, processes or technology,” CDW Healthcare Security Strategist Mike Gregory writes in a HealthTech blog.

Pen testing will help uncover any vulnerabilities or misapplied fixes before malicious actors do.

“It is critical for healthcare organizations to regularly perform both tabletop exercises and pen testing to enhance their security posture so they are more familiar with how they will respond and recover from an emergency within an established time frame,” Gregory writes.

Click the banner to learn more about effective IT integration related to mergers and acquisitions.

Seek Out Key Partnerships in Security and Other IT Needs

For health systems facing budget constraints, staffing shortages and skills gaps, it may be worth considering partnerships where appropriate.

If your hospital doesn’t have the resources for a dedicated security team, explore partner-delivered services such as managed detection and response, a security operations center or even a virtual CISO.

If your organization is planning to merge with another health system, look for partners that have experience in healthcare IT integration during mergers and acquisitions.

Healthcare organizations have shown a great deal of resilience during the pandemic, and it’s something they can nurture and strengthen to prepare for future emergencies. They don’t need to go it alone, and they can foster critical partnerships that can help them bounce back stronger than before.

insta_photos / Getty Images

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.