
Effective Incident Response to Mitigate Cyber Threats in Healthcare

By CIOReview | Thursday, March 9, 2017

The modern healthcare industry remains on the radar of cybercriminals as data breaches continue to plague the sector. As the Internet of Things (IoT) connects people and equipment, this internet-based connectivity has further exposed healthcare systems and networks to cybercrime. In a recent incident, the patient appointment application of a major Atlanta-based healthcare system was attacked, compromising the integrity of patient health data.

Access to health systems and Electronic Health Records (EHR) through internet-based connectivity needs to be backed with a security strategy and an efficient recovery plan. Additionally, a critical aspect when it comes to fixing vulnerabilities and minimizing data loss during/after a cyber attack is assembling an incident response team of experts from fields such as forensics, legal, operations, investor relations, and management.

The rising frequency of data breaches has made it imperative for healthcare organizations to have a data breach response/incident response plan in place that complies with the Health Insurance Portability and Accountability Act (HIPAA). According to the HIPAA Breach Notification Rule, the affected healthcare establishment should notify the federal government and the public after a data breach. In the aftermath of a data or systems breach, it is crucial that healthcare organizations secure their digital perimeters to prevent future attacks.

Clean-up After a Breach

According to security experts, hackers often leave behind malicious applications after a security breach, and these may lie dormant for a period before they inflict further damage. The first thing to do after detecting a data breach is to eliminate the rogue applications and determine the root cause of the breach. By detecting and eliminating such applications or vulnerabilities, healthcare organizations can defuse hackers’ plans for ongoing or repeated attacks.

Restore Services First

After a data breach incident, the primary focus of the healthcare establishment should be on restoring its services, followed by root cause analysis and forensics. A prompt recovery has to be initiated to get back online as early as possible without getting distracted by a long-drawn investigative process. The enterprise should adopt a proactive stance to ensure that its incident response teams are well-equipped with a revised response plan.

Scan All the Endpoints

A key procedure to follow in the aftermath of a cyberattack is a thorough scan of the infected environment. As mobile devices extend the perimeter of the corporate network beyond the four walls of a typical office, the attack surface has broadened to include endpoints and applications as targets. Because hacking tools communicate with different locations outside the breached enterprise, hackers often switch endpoints to escape detection by traffic monitoring tools. This makes it a high priority to scan all the endpoints in a healthcare system after a data breach.

Focus on Security Upgrades

Healthcare establishments must realize that relying on security products to detect future data breaches and to thwart the attempts of cybercriminals is not sufficient. Security professionals should view each medical device connected to the network as a potential entry point for attackers. By running a supported operating system that is patched on a regular basis, healthcare organizations can counter security vulnerabilities whenever they arise.

Taking into account the legal implications of a data breach, it is crucial for healthcare establishments to seek legal counsel after notifying all the stakeholders about the breach. With cyberattacks growing more sophisticated by the day, the adoption of more proactive cybersecurity measures is the need of the hour for healthcare establishments keen on safeguarding their brand reputation and patient health records. By identifying the technical and procedural changes that effectively help prevent repeat attacks, healthcare systems can proactively counter hackers’ methods for breaching systems.