Health Industry Cybersecurity Coordinated Healthcare Incident Response (HIC-CHIRP), June 2023.


“Various groups have published material for the technical response process to a cybersecurity incident. These plans and templates provide universal guidance that can be used across industries to inform how to detect, contain, respond, and recover from a cybersecurity incident. This template does not seek to replicate or replace those existing resources. Unaddressed by the available guidance is the rippling operational impact on patient care unique to a healthcare cybersecurity incident that expands the potential impact from not only loss of data or revenue but loss of patient safety. A focus on patient safety and preparations to handle operational disruptions are not foreign concepts to healthcare delivery organizations.

“Emergency Management planning prepares an organization to handle an array of hazards that could negatively impact patient care, but these plans are generally focused on kinetic rather than digital threats. Business continuity planning and downtime procedures address continuity of care in the absence of critical technology, but these plans tend to be built around general IT outages and cannot fully address the nuanced challenges of a cybersecurity incident outage. Healthcare Delivery Organizations have many of the parts and pieces needed to respond to a cybersecurity incident, but guidance is missing on how to tie all of these separate components together. This template seeks to serve as the cog that can be installed in the machine to allow all of the components to run together as a Coordinated Healthcare Incident Response Plan.

“This document is a template. It is not intended to be directly usable to manage a response as-is. Sample content is provided throughout the template as a starting point, but it is expected that managers of this tool will use it as a guiding document to develop a plan tailored to their own organization. Plan guidance is included to help managers of the tool understand the purpose of each section while conducting this planning work. Plan guidance sections are formatted differently from template material for clarity and to allow enterprises to easily remove these sections in their final plan.

“This document is also a planning companion to the operational and response guidance of the Health Industry Cybersecurity Operational Continuity – Cyber Incident (HIC-OCCI), also published [in May 2022] by the Health Sector Coordinating Council.

“All incident response plans should be developed with appropriate consultation with all essential stakeholders both within and outside of the organization, consistent with enterprise policies and legal and compliance requirements.”

This document is accessible at:
