Key questions:
Is our cyber incident response plan up to date?
Does it include specific individuals from all clinical and business functions and risk committees, with defined roles, responsibilities and contact information?
Is the plan regularly tested, gaps and best practices identified and updated to include current threat scenarios, such as ransomware?
Is the FBI integrated into the plan?