Enhancing Hospital Cyber Resilience: The New CRR Program by Joint Commission and AHA

CRR provides a self-assessment tool and expert review to evaluate hospitals' ability to sustain clinical operations amid cyber disruptions

Key Highlights

  • The CRR program focuses on clinical continuity and operational readiness during cyber-related technology outages.
  • Hospitals can use a self-assessment tool to evaluate their current cyber resilience capabilities and receive expert feedback for improvement.
  • The initiative is a collaboration between the Joint Commission, AHA, and other healthcare organizations, developed over 18 months.
  • CRR aims to shift healthcare organizations from awareness to practical resilience, ensuring safe patient care during digital disruptions.
  • A future certification pathway will recognize hospitals demonstrating robust clinical and cyber resilience capabilities.

Joint Commission and the American Hospital Association (AHA) have partnered to develop a new Cyber Resilience Readiness (CRR) program. This initiative aims to help hospitals and health systems maintain safe clinical operations during cyber-related technology disruptions.

In a press release on May 4, Joint Commission stated that “CRR focuses squarely on clinical continuity, ensuring that patient care can continue safely and effectively even when mission-critical technologies are unavailable.”

Created through collaboration among Joint Commission, AHA, and various healthcare organizations over 18 months, the program is intended to complement conventional cybersecurity by focusing on real-world operational readiness and patient safety, not just IT recovery.

According to the announcement, CRR draws on lessons from real ransomware and cyber incidents affecting hospitals nationwide. The aim is to help hospitals and health systems progress from awareness to readiness, and then to resilience, so that organizations shift from mere assessment to practical operational improvements.

CRR offers hospitals a self-assessment tool to evaluate their current ability to maintain safe care during cyber-related technology outages. For a fee, organizations can submit the completed self-assessment for expert review. At this time, the expert review will include topline recommendations on how they may address any identified vulnerabilities.

Joint Commission will eventually create a new certification pathway to acknowledge organizations that demonstrate robust clinical continuity and cyber resilience abilities. 

“Digital disruption poses a direct and growing threat to patient safety and clinical care,” said Jonathan B. Perlin, M.D., Ph.D., president and CEO of Joint Commission, in a statement. “Hospitals and healthcare organizations need practical tools to evaluate and strengthen their approach to withstanding these incidents. The new Cyber Resilience Readiness program is designed to help healthcare organizations focus on what matters most: maintaining safe, quality patient care and clinical operations at all times.”

About the Author

Pietje Kobus-McAllister

Pietje Kobus-McAllister has an international background and experience in content management and editing. She studied journalism in the Netherlands and Communications and Creative Nonfiction in the U.S. Pietje joined Healthcare Innovation in January 2024.
