Data breaches and other cyberattacks occur far too frequently in healthcare organizations. Hospital IT departments tend to invest in their readiness against healthcare cybersecurity threats by ensuring they have tools and procedures in place to block a threat from getting into their systems in the first place. However, they often fall short of preparing themselves to deal with the aftermath of an attack if one does occur.
While it is natural for IT to immediately take action to recover and repair the systems, a number of other activities and tasks must also be carried out to mitigate the risk of further system damage and reduce liability. Here are the top six steps health IT must take to mitigate healthcare cybersecurity threats.
- Locate and quarantine the threat
One of the first steps hospital IT must take is to identify the source of the infection or breach. Whether it is a virus, ransomware or data breach, IT has the critical task of finding the device or endpoint that has been compromised and is considered ground zero. This can be an end user's machine or a connected medical device. Once the threat is identified, these machines must be immediately isolated and separated from the rest of the network.
- Communicate with the internal cybersecurity response team
While small healthcare organizations may only require a small number of individuals to form a cybersecurity response team, a large hospital or health system will need a much larger team from different departments. The goal of this team is to ensure the healthcare organization can appropriately respond to a security incident and follow predefined processes and procedures that they established in order to safely resume operations.
- Harden the systems and elevate infrastructure monitoring
While hospital IT is likely to be busy assessing the extent of the infection and identifying how to restore system functionality, securing the environment to avoid further damage should be a top priority. In the case of a hacking attack, hospital IT will need to monitor all outbound traffic and block traffic to any suspicious internet addresses. IT may also need to limit inbound traffic in case hackers are still attempting to access the systems.
- Notify external entities of the incident
One of the first groups that should be contacted during and after the confirmation of an attack is the cybersecurity insurance provider. The vendor in most cases is able to assist the impacted organization during this time of crisis with technical and nontechnical resources. They can also be a great resource when it comes to interacting with federal or state entities if the breach affects personally identifiable information or HIPAA-related data. The vendor may also be able to perform an in-depth forensic security assessment to identify the extent of the breach.
- Execute the contingency plan
Since there are different types of healthcare cybersecurity threats ranging from malware to phishing attacks, IT will need to respond appropriately based on their own cybersecurity playbook. This may include a complete restore of data and systems or the use of off-site systems while the internal system is being repaired. Depending on the extent of the damage, the response time can range from a few hours to a few days.
- Adopt new security measures and determine lessons learned
It is common for an organization that has just suffered a cyberattack to increase their investments in their security safeguards in the aftermath. The increased budget allows the group to add more security tools and additional training for their end users as part of their efforts to become better prepared for any future healthcare cybersecurity threats.
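As an added illustration of the quarantine and traffic-monitoring steps above (not part of the original article), the following sketch sorts firewall flow records into containment findings: traffic still leaving an isolated host, other internal hosts contacting a suspicious address, and inbound attempts from that address. The log format, addresses and names are all assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Every value here is constructed for illustration (private/documentation ranges).
INTERNAL = ipaddress.ip_network("10.20.0.0/16")
QUARANTINED = {ipaddress.ip_address("10.20.5.17")}     # host isolated in the first step
SUSPICIOUS = [ipaddress.ip_network("203.0.113.0/24")]  # flagged during the investigation

# Hypothetical log format: timestamp src dst dst_port action
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.20.5.17 203.0.113.9 443 ALLOW
2024-01-01T10:00:04 10.20.8.40 203.0.113.9 443 ALLOW
2024-01-01T10:00:09 10.20.8.41 198.51.100.7 443 ALLOW
2024-01-01T10:00:12 203.0.113.50 10.20.1.5 3389 DENY
2024-01-01T10:00:15 10.20.5.17 10.20.1.5 445 ALLOW
malformed line
"""

def is_suspicious(addr):
    return any(addr in net for net in SUSPICIOUS)

def triage(log_text):
    """Sort flow records into containment findings: {finding: sorted list}."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ts, src, dst, port, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:  # wrong field count or bad address: keep for manual review
            findings["unparsed"].add(line)
            continue
        # An isolated host should pass no traffic at all; an ALLOW means the quarantine leaks.
        if src in QUARANTINED and action == "ALLOW":
            findings["isolation_gap"].add((str(src), str(dst), port))
        # Outbound to a flagged address: block it, and treat any new source as a suspect.
        if src in INTERNAL and is_suspicious(dst):
            findings["block_outbound"].add(str(dst))
            if src not in QUARANTINED:
                findings["new_suspect_host"].add(str(src))
        # Inbound from a flagged address: the attacker may still be trying to get in.
        if is_suspicious(src) and dst in INTERNAL:
            findings["inbound_attempt"].add((str(src), str(dst), port, action))
    return {name: sorted(items) for name, items in findings.items()}

if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(name, items)
```

Hosts reported under `new_suspect_host` feed back into the quarantine step, since they contacted the same address as the machine already isolated.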
Healthcare organizations are especially vulnerable to cyberattacks due to the growing dependence clinicians have on the computer systems they use for patient treatment, and any attack that causes system outages can have an impact on patient care. While being prepared for the worst can help reduce the damage to the infrastructure and ensure a timely recovery from healthcare cybersecurity threats, IT executives will need to constantly evaluate their plans as the threats continue to evolve.