3. You Could Prevent Small Incidents from Snowballing
A plan is worthless without constant vigilance and swift action. Start by knowing where your protected health information lives and what systems are most vulnerable. The first inkling that something’s amiss should compel you to pull logs and review them for anomalies. Having provisions throughout your network to look for certain behaviors, such as downloading or uploading large amounts of information, is also vital.
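A sketch of the kind of provision described above, added here as an illustration and not taken from the article or any vendor tool: it compares each host's latest daily outbound volume with that host's own history and lists systems holding protected health information first. The flow records, host names, PHI inventory and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (day, host, MB sent outbound). Not real logs.
FLOWS = [
    (1, "ehr-db01", 100), (2, "ehr-db01", 120), (3, "ehr-db01", 110),
    (4, "ehr-db01", 105), (5, "ehr-db01", 300), (5, "ehr-db01", 500),
    (1, "pacs01", 900), (2, "pacs01", 950), (3, "pacs01", 1000),
    (4, "pacs01", 920), (5, "pacs01", 980),
    (1, "ws-207", 30), (2, "ws-207", 30), (3, "ws-207", 30),
    (4, "ws-207", 30), (5, "ws-207", 400),
    (1, "ws-114", 40), (2, "ws-114", 45), (3, "ws-114", 50),
    (4, "ws-114", 42), (5, "ws-114", 48),
]
PHI_HOSTS = {"ehr-db01", "pacs01"}  # hypothetical inventory of PHI systems


def daily_totals(flows):
    """Sum outbound MB per host per day."""
    totals = defaultdict(lambda: defaultdict(float))
    for day, host, mb in flows:
        totals[host][day] += mb
    return totals


def flag_large_transfers(flows, phi_hosts, k=5.0, min_history=3):
    """Flag hosts whose latest day exceeds their own baseline.

    Baseline is the median of earlier days; spread is the median absolute
    deviation, floored at 10% of the median so a flat history (MAD of 0)
    does not alert on trivial changes.
    """
    alerts = []
    for host, per_day in daily_totals(flows).items():
        days = sorted(per_day)
        history = [per_day[d] for d in days[:-1]]
        if len(history) < min_history:
            continue  # too little data to call anything anomalous
        base = median(history)
        mad = median(abs(v - base) for v in history)
        threshold = base + k * max(mad, 0.10 * base)
        latest = per_day[days[-1]]
        if latest > threshold:
            alerts.append((host, host in phi_hosts, latest, round(threshold, 2)))
    # PHI systems first, then largest transfer first
    return sorted(alerts, key=lambda a: (not a[1], -a[2]))
```

In the sample, pacs01 routinely sends more than the flagged ehr-db01 does on its worst day, which is why the comparison is made per host rather than against one network-wide limit.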
4. You May Choose to Leverage the Advice of Experts
Patients get the bulk of the attention in healthcare; IT departments tend to be bootstrapped. I don’t think it’s a good idea, therefore, to create your own incident response plan — you could miss a critical component. Consider bringing in a third party to help. An effective MITRE ATT&CK plan, for instance, has 13 steps. A trusted partner can ensure you don’t overlook a detail whose absence could thwart a breach remediation effort.
5. Your Plan Can Evolve to Address New Tools and Threats
We’re conditioned to change the batteries in our smoke alarms each year to ensure our safety; revising an incident response plan should follow the same cadence. With new devices and infrastructure rapidly changing healthcare delivery — as well as a growing wave of cyberthreats during the pandemic — it’s critical to revise and reshare your plan with IT teams so everyone is positioned to effectively squelch a flame.
This article is part of HealthTech’s MonITor blog series.