Who's role is it to prepare for downtime on the floor? How quickly could you restore every IT system for your health organization? Today we explore.
Today in health, it. Cyber tax led to harrowing lapses at essential hospitals, clinicians say this is an NPR article. We're going to take a look at it from an it perspective. And see if there's a, maybe a little different planning that we might need to do. My name is bill Russell. I'm a former CIO for a 16 hospital system. And creator this week health set of channels and events dedicated to transform health care.
One connection at a time. We want to thank our show sponsors who are investing in developing the next generation of health leaders. Notable service now, enterprise health parlance. Certified health and Panda health. Check them out at this week. health.com/today. Hey, this new story, every new story we cover this week, health.com/news.
You can check it out on our website. Check it out today. Let me know what you think. All right. Oh June is lemonade days. And we've committed to raising $30,000 this month for a pediatric cancer for childhood cancer through Alex's lemonade stand foundation. You are a generous lot. We were up over $24,000 for the month and we appreciate that. To get us over the end, we are matching up to $10,000.
Any donations that are given through the end of June on our website, you go to this week health.com/well, just go to this week. health.com top right-hand column. You're going to see a yellow ribbon. Go ahead and click on that to give today. If you get $500 or more, we will send you one of our yellow hats this week health logo, Alex's lemonade stand foundation logo.
And we do some special things for people who wear the yellow hats at a industry, meetups and conferences that we are at. So love to have you be a part of that. And we will match that as well. So thank you for your generosity. One last thing, share this podcast with a friend or colleague use it as a foundation for daily or weekly discussions on the topics that are relevant to you and the industry, a form of mentoring. We would love for you to do that this year, make that commitment to mentor someone.
They can subscribe wherever you listen to podcasts. All right. Let's take a look at this article. Cyber attack led to herring harrowing lapses at essential hospitals, clinicians say. Okay. So ransomware attack on Ascension when a large healthcare systems in the U S severely disrupted patient care by locking clinicians out of critical electronic health systems. Nurses and doctors reported numerous lapses, including medication errors and delayed lab results. Do to abrupt shifts from electronic to manual systems. While the health system claimed readiness for such disruptions, many staff members noted. A lack of adequate training for extended downtime. The attack underscores the health sectors, vulnerability to cyber attacks and the need to improve cybersecurity measures as highlighted by recent government recommendations to bolster security standards in healthcare. I'm going to look at this from an it perspective.
One of the first things I think needs to be talked about is whose responsibility is it to prepare for an abrupt or an extended outage? On the floor. And while it supports that, I'm not sure it is responsible for that. Obviously we're responsible for the cybersecurity and the protection to, to ensure that doesn't happen or happens. If it does happen that we control the blast radius and it's not as widespread as it was during the Ascension attack. With that being said, the the systems being down. The critical care systems and the electronic systems. That led to medication errors and delayed lab results. This. Is probably probably this is planning that needs to be done on the floors. Of the health system. I remember talking to sky lakes, medical center. After their cyber attack.
And one of the things that they realized is that there's a lot of people that have been trained on the EHR and they have not been trained on paper processes. I know. It's it's it's hard to believe that we are that far away. From the advent of the electronic health system, but there are people who've graduated from medical school, come in and practice, and they've only practiced on the EHR.
So when you give them a pad of paper, And a pen. They just look at you like, what am I supposed to do? Not completely, they're going to write some stuff down, but are they going to write down all the stuff that they need to write down? Do we have forms available in the event that happens?
Do we have backup systems? I know for us, we had a critical downtime system at each one of the hospitals. I'm not sure what was in each one of the floors, but in key areas. Around the hospital that was offline. It was a restored or we moved data over to it on a frequent basis. I think it was every 24 hours.
We moved data over to it. That would become an archive system so that in the event that the rest of the systems were down, this stood by itself. And they could look up patients. They could find information on the patients. And they could provide information that was required for care. Now, with that being said, if you're taking the imaging systems down in the PAC systems and you're taking all that stuff down, there's going to be information that's not available.
There's going to have to be planning that is done. I think it's important to note. I am an important conversation that needs to happen. Every health system is. Who is responsible for extended downtime planning. Business continuity planning, extended downtime planning. And I think if you went to scripts and you went to Ascension and you went to a common spirit, you would see a different approach than you see in many health systems today. And you'll see people that have experienced those attacks, understand what it looks like now. And they are now planning at a different level. And they are planning not only for a minimal outage, which is what we used to have.
Oh, the system was down for two hours or it's down for an hour. I would just send patients home. We'll do whatever to. How do we operate under diversion for a week? For three weeks. How do we operate? With, How do we, take care of our patients? That are relying on us in the. It's to the extent that the systems are down for for three or four weeks.
I think when you get the three or four weeks, that's about the extent. About three weeks is about the extent. That the planning should take place for maybe four weeks. Anything beyond that you there's, something major has happened. We should be planning on an it perspective on restoring all of our systems. If every system at your health system went out, if every it. System went down. And you should have a plan to restore all of that and be pushing that plan as close it. It's down to a number that is a manageable. Right now, what we've seen is that if they take every system out, it's about three to four weeks. We've seen that with scripts.
We've seen that with sky lakes. We've seen that with with common spirit. We've seen that. I think we're going to see that with Ascension as well. You're going to have systems be down for about three to four weeks for about a month. What I would like to see it do is condensed that. Turd four weeks into three weeks turned three weeks into two weeks, two weeks into one week. If you can restore every system within your environment within one week. After a major cyber incident. We will have made significant progress. In healthcare, and that's what we want to do with each one of these attacks.
We want to learn. We want to grow. We want to get better, not only from defending against the attacks, but recovering. From the attacks. Okay. So I think the first question we want to have is who is really responsible for all of this planning. And I don't think it should all fall on it. In fact, I think. On, on the floors, I think very little of that falls on it. To the extent that you can provide backup systems and whatnot, we should, to the extent that you can provide communication during outages, you should. All those things really make sense. But how care gets delivered on that floor without electronic systems is something that the clinicians need to work through and figure out. And then the second thing is, how do you turn four weeks into one week is something that it should be firmly focused on.
How do you turn a major event into a non event would be the the ultimate outcome, right? Hey, we just had everything compromised and we're back up the next day. That would be perfect and really hard to do. I understand that, but that's the objective. That's the target? That's the goal. If we can get there. Then cyber attacks will have less of an impact. Need to pay ransom will go way down. And the number of attacks will go way down. If we can recover that quickly.
So anyway, That's that's what I wanted to talk about today. Going off of this NPR story. Cyber attack led to herring lapses at Ascension hospitals, clinicians say, ah, let's try to avoid that in the future. And see what we can do from an it perspective to to support that. All right. That's all for today.
Don't forget. Share this podcast with a friend or colleague, use it as foundation for mentoring. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders. Notable service now, enterprise health. Parlance certified health and 📍 Panda health. Check them out at this week.
health.com/today. Thanks for listening. That's all for now.