Issue link: https://beckershealthcare.uberflip.com/i/944376
29 Executive Briefing risk of the virus moving laterally and propagating throughout the enterprise. They should also work directly with their cyber-insurer and security vendors to assess the damage and begin recovery. Q: Do you see healthcare organizations beginning to engage staff in discussions about what to do in the event of a cybersecurity breach? What do/should these conversations look like? HR: Yes, we are seeing more organizations define their cyberattack recovery plans and educating their users about what a possible attack looks like and the possible damage it could cause. We're seeing more robust communication plans that include employee awareness programs, electronic communications, mandatory online courses and training integrated into clinicians' workdays. We also see simulated phishing attack exercises being performed, along with the hiring of external security organizations to take on the role of the hacker. Practicing response to an attack and recovery from an attack are critical to being prepared. Q: Besides meeting a ransom demand, a cyberattack can affect other aspects of a hospital's business, including patients' trust in the organization and patient volumes. In the wake of an attack, what can hospital leaders do to combat negative press and get their business back on track? HR: Hospital leaders must immediately accept responsibility and be part of the solution. They must take ownership and demonstrate a focused approach to recovering from the attack with plans to implement programs and solutions to minimize and avoid future attacks. They must clearly communicate with their community of patients, partners, employees, affiliates and business associates — stakeholders across the board. Although tempting, hospital leaders need to be careful not to assign ownership or blame to third parties such as their cyber-insurance provider or other technology providers. Ownership must be taken by the hospital's executive leadership. Q: Despite cybersecurity concerns, the benefits of moving data to the cloud clearly outweigh the risks. What do organizations risk by not making this transition? HR: The reality is that our healthcare data, just like our financial data, is already in the cloud. More importantly, we've moved way beyond the era of bring-your-own-device thinking to the point where patients, employees and caregivers are bringing their own apps to work. Those apps are being used in care settings and even to share patient information. Organizations must get ahead of that and implement programs that enable them to holistically embrace the cloud and hybrid-cloud to work for them without impeding care and care innovation or the ability to meet their "Quadruple Aim" objectives overall. n Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more. We believe in what people make possible.