CHA News Article

Template Available for Health Care Cybersecurity Incident Action Plan

The U.S. Department of Health and Human Services has released the attached template to assist health care facilities in establishing a documented recovery plan after a cybersecurity incident. The plan should include various methods for internal and external voice and data communication, including fax machines and portable radios; a schedule for departments to exercise their plans individually, as well as with all other departments, at least annually; and a business continuity strategy that includes immediate notification of key internal and external personnel, along with the appropriate Federal Bureau of Investigation field office. The template also outlines steps information technology and cybersecurity departments should take to obtain the most updated information on current threats and best practices.