If a provider conducts routine backups, a successful ransomware attack becomes an annoying nuisance instead of an existential threat.
Modern backup technology makes the process as simple as purchasing an account with a cloud backup provider and configuring software to perform regular backups. Backup software incorporates strong encryption to protect files from prying eyes and allows the rapid recovery of patient records in the wake of an attack or human error.
3. Assess Risk on a Regular Basis
Cybersecurity is not a one-time project. While providers may invest significant time and energy in an initial project designed to bring operations up to current best practices, they must also treat security as an ongoing responsibility.
After all, threats evolve and business practices change, introducing new risks even as new security solutions become available. Providers should schedule annual risk assessments designed to identify new vulnerabilities and implement controls to address them.
If the provider’s IT staffers have expertise in security, they may conduct these assessments in-house. Consulting firms offering assessment services may also be called on to create a point-in-time snapshot of an organization’s cybersecurity status.
4. Consider the Need for Insurance Coverage
Cybersecurity risk insurance policies offer providers peace of mind that they’re protected against the financial impact of a ransomware attack or other cybersecurity incident. These policies kick in when an organization suffers a breach and provide access to subject matter experts as well as the financial resources necessary to respond to a serious situation.
Providers considering a policy should consult an attorney and carefully read the policy’s detailed provisions.
Watch for exclusions that limit the insurance carrier’s liability in the event that the provider is found to be in breach of HIPAA or other security regulations; aggressive auditors can almost always discover a compliance failure that might render a policy invalid in the wake of a breach.
5. Create a Robust Response Plan
Every organization should have a cybersecurity incident response plan that outlines the steps that the organization will follow during a security breach.
Comprehensive plans describe procedures for identifying incidents, containing the damage, eradicating the effects of the incident and recovering normal operations.
They should also include after-action procedures that help incorporate the lessons learned during an incident response effort into both the organization’s ongoing cybersecurity program and its response to future incidents.
Providers seeking an incident response starting point should consult the Computer Security Incident Handling Guide from the National Institute of Standards and Technology. This free publication is widely considered the authoritative reference for incident response teams in both the government and the private sector.