As the chief information officer (CIO) of a large hospital system, it is my responsibility to lead the charge in cybersecurity preparedness, and I have done this through a nuanced approach to incident response planning. In an era where healthcare organizations heavily rely on digital systems and sensitive patient data, the threat of cybersecurity incidents looms large; the importance of incident response procedures cannot be overstated. These procedures provide a structured approach to identify, mitigate, and recover from security breaches, ensuring the continuity of patient care, safeguarding patient data and maintaining the trust of the community. Effective incident response procedures are not just a best practice; they are a fundamental requirement for the modern healthcare landscape, helping hospitals protect both their patients and their reputation.

To this end, we decided to take a slightly different approach. Instead of having the standard technical incident response playbook most organizations have, I asked my team to help create two different ones. The first is the standard tactical response team incident response plan, which delves into the technical nuances of incident response. The second is a command center incident response plan, which provides a high-level overview for our leadership team, allowing them to remain abreast of the technical work and guide our response to cybersecurity incidents. Together, these plans equip our organization to efficiently navigate the complex world of cybersecurity threats.

Command Center Incident Response Plan

Our command center incident response plan serves as a guiding light for the hospital’s leadership team during cybersecurity incidents. In the healthcare space, we encounter cyber threats on an almost weekly basis, and often the non-technical team feels out of the loop as we decipher the severity of attacks. A playbook created specifically for them helps alleviate their confusion and helps them make decisions more effectively.

While our technical teams focus on the intricate details of cybersecurity incident response, this plan allows our executives to provide valuable resources and guidance to our dedicated cybersecurity incident response team. It ensures our leadership remains informed and ready to make strategic decisions. The playbook includes checklists for our key executives, including the CFO, CHR, CLO, CMO, CAO, CSO, CNE, VP of facilities and VP of IT. It works in conjunction with the tactical response team incident response plan, guiding the remediation process, recovery of affected systems and reporting procedures required by law.

Both plans adhere to the best practices defined in the National Institute of Standards and Technology (NIST) incident response lifecycle, consisting of five stages: preparation, detection & analysis, containment, eradication & recovery, and post-incident activity. Each stage is comprehensively covered in both plans, offering guidance from both a technical and leadership perspective.

The Power of Dual Playbooks

Speed and efficiency: Technical teams can act swiftly using the tactical response team incident response plan to contain and mitigate threats. Simultaneously, our executives can focus on their roles with the guidance of the command center incident response plan, ensuring the hospital’s broader stability during an incident.

Specialized expertise: Each playbook caters to the specific expertise and responsibilities of its intended audience. This ensures clarity in roles, minimizing the risk of confusion or miscommunication during a crisis.

Legal compliance and reputation management: The command center incident response plan helps executives navigate legal and regulatory complexities while managing public relations, safeguarding our hospital’s reputation.


In the realm of healthcare, where patient data and operational continuity are paramount, cybersecurity preparedness is not an option; it’s a necessity. As the CIO of Palomar Health Hospital, I understand the gravity of our responsibility in this regard. Our dual playbooks, the command center incident response plan for leadership and the tactical response team incident response plan for technical teams, exemplify our commitment to efficient and effective cybersecurity incident response. By adopting these plans, we empower our teams to act swiftly and decisively, ensuring minimal disruption to patient care and organizational stability. In an era of ever-evolving cyber threats, these playbooks are not just advisable; they are essential for safeguarding the future of healthcare at our hospital.


Anis Trabelsi

Anis Trabelsi is the CIO of Palomar Health. With extensive security experience, Trabelsi has led the Palomar Health security team since 2016. As CIO, he leads the IT department, cybersecurity office, and physical security functions to align key processes with regulatory compliance and with the vision, goals and objectives for reimagining healthcare security. With an impressive and diverse background, Trabelsi retired as a decorated law enforcement officer in 2016 and served honorably in the U.S. Marine Corps before that. He holds a master’s degree in management from the University of Redlands and a bachelor’s degree in criminal justice from the University of Phoenix. Progressing to chief of security at a prominent hospital showcased Trabelsi's strategic acumen. This paved the way for his transition to healthcare technology leadership. As a visionary CIO, Trabelsi's integration of innovative technologies and comprehensive executive leadership at Palomar Health enhanced patient care and earned him both Employee's Choice of Leader and a Leadership in Action Award. Trabelsi's journey from Marines to healthcare CIO highlights a commitment to excellence, innovation, leadership, and transformative impact.
