Issue link: https://beckershealthcare.uberflip.com/i/1479669
34 CEO / STRATEGY Tenet's $100M cyber incident raises 10 must- ask questions for boards By Nathan Tucker C yberattackers don't need to steal data to cause chaos, they just need to pose enough of a threat that management is forced to halt business. Dallas-based Tenet Health is one of the largest for-profit health organizations in the U.S., with nearly 600 medical facilities and over 100,000 employees. e organization temporarily halted some of its business due to a cyberattack, and its second-quarter earnings absorbed $100 million in lost business and remediation costs, according to an Aug. 10 report from Forbes. On April 26, 2022, Tenet disclosed that in response to a cyberattack, it had "immediately suspended user access to impacted information technology applications, executed extensive cybersecurity protection protocols and quickly took steps to restrict further unauthorized activity." According to a follow-up press release, "there was temporary disruption to a subset of acute care operations, the Company's hospitals remained operational and continued to deliver patient care safely and effectively, utilizing well-established back-up processes. At this time, critical applications have largely been restored and the subset of impacted facilities has begun to resume normal operations." e Tenet Health case reinforces why boards and senior leaders must be increasingly prepared to address rising cyber-related business interruption risk. Here are 10 diagnostic questions that credible response plans, as a minimum, must address: 1. Under what cyber threat circumstances would leadership halt operations? 2. What IT system redundancies and controls are employed to avoid shutdowns? 3. Are senior leaders fully prepared to address a cyber attack requiring business interruption? 4. Which senior leader(s) has/have final "kill switch" decision authority? 5. What would be the estimated hourly and daily cash flow effects of closures? 6. Does the current cyber insurance policy include sufficient business interruption coverage? 7. What detail is necessary to file a business interruption claim, and does the organization routinely gather such data and prepare similar reports? 8. How frequently are cyber response procedures reviewed, audited, and tested to ensure clarity, adequacy, effectiveness and efficiency? 9. Is the board aware of emergency closure plans and periodic review results? 10. What specific stakeholder disclosures would a shutdown require?Keith Zimmerman was named president of HCA's MidAmerica Division. n Duke University Health System COO calls for civility after attack on nurse By Kelly Gooch T he COO of Durham, N.C.-based Duke University Health System is calling for an end to the "ugly epidemic of violence" against healthcare workers and civility from the public following a recent attack on an emergency room nurse. Craig Albanese, MD, executive vice president and COO of Duke University Health System, expressed these thoughts in an opinion piece published Aug. 8 in The Charlotte Observer. In the article, Dr. Albanese acknowledged increased incidents of workplace violence at healthcare facilities during the pandemic, including one in July where a patient allegedly attacked an emergency room nurse at Duke Raleigh (N.C.) Hospital, which left her unconscious and with facial fractures. Police arrested a patient in connection with the incident. The attack prompted Duke University Health System to intensify security. Dr. Albanese said the organization has also increased staff training and posted signage "to remind patients and visitors that aggressive behaviors are not tolerated." "To be clear: Being abused is not part of the job and we advocate zero tolerance for violent outbursts against healthcare workers," Dr. Albanese wrote. "To the public, we are pleading for civility. We urge everyone to exercise patience, compassion and empathy when seeking care in a hospital, clinic or physician's office," he wrote. "We are there to help to the best of our abilities. Our teams cannot do their best when facing verbal threats, harassing comments, obstinance, biting, slapping and other forms of physical and emotional abuse that erupt with alarming regularity. This needs to stop." Dr. Albanese also urged Congress to enact a bill, called the Safety From Violence for Healthcare Employees Act, to protect healthcare workers from violence that is modeled after protections for aircraft and airport workers. He concluded: "With the public's support — including the individual actions of each person who becomes a patient or patient's advocate in the healthcare setting — we are confident we can eradicate this ugly epidemic of violence against healthcare workers." n