Apr 22 2021

Why an Incident Response Plan is Necessary for Healthcare Organizations

IT leaders can’t count on keeping cybercriminals out, so they must be prepared to respond to cybersecurity incidents.

The coronavirus pandemic has challenged healthcare organizations in a variety of ways. Perhaps the most serious of these challenges have come in the security arena. Cybercriminals haven’t taken a break during the crisis; in fact, they’ve scaled up their bad behavior.

The Department of Health and Human Services reported a 50 percent increase in the number of cybersecurity breaches of healthcare networks over the first couple months of the pandemic. Cybercriminals have kept their feet on the gas ever since. A recent report from Black Book Market Research predicts that attacks on the healthcare industry will triple in 2021.

The result is an industry that is having trouble keeping pace with the advances cybercriminals are making. The Black Book research found that 96 percent of IT professionals in healthcare agreed that cybercriminals are outpacing healthcare organizations, leaving them at a disadvantage in responding to vulnerabilities.

Experts cite a number of specific risks:

  • The growing number of smart medical devices increases the attack surface that cybercriminals can exploit.
  • The temporary facilities that many organizations have set up to deal with the increase in patients did not include proper security protections.
  • Overtaxed IT and clinical staffs are so focused on their primary workloads that they have less bandwidth to identify security threats.
  • Users are concerned about pandemic health risks, increasing the chance they may click on malicious links.

Is a Security Breach Is Inevitable?

To make matters worse, the healthcare industry continues to face a shortage of qualified cybersecurity professionals. There’s no question that healthcare organizations should already have robust security measures in place and should be working to strengthen their defenses against the increased likelihood of an attack. While effective defenses are critical, however, healthcare IT leaders must understand that they are not foolproof. In fact, no matter how much time and how many resources an organization puts into cybersecurity defenses, it’s a mistake to think they will always be effective.

Organizations should assume that, at some point, they will face a security breach. Operating under this assumption, it’s imperative that they devote significant attention to responding effectively in the event of a successful attack.

READ MORE: Find out why an effective cybersecurity incident response program is important.

Plan for a Successful Cybersecurity Incident Response

Given the challenges that organizations face in keeping cyberattackers at bay, an effective incident response plan is essential. Having a plan in place helps to ensure that the response is swift and organized and that an organization is able to avoid rash decisions that could exacerbate the situation.

Healthcare organizations should consider these elements as they develop their incident response plans:

  • The plan should identify key members of the organization who are responsible for making tough and immediate decisions. These leaders should engage in tabletop exercises to practice effective response.
  • It should establish a process for training staff members in emergency response protocols and testing them to assess their effectiveness.
  • The organization should compile an inventory of its most sensitive information assets.
  • Response efforts should be integrated into the organization’s greater hospital incident command system.

Incident response is a complex process, and organizations should work on this issue long before a cyberattack occurs.

In the current environment, successful healthcare organizations are those that field defenses to keep cybercriminals out and respond effectively when they happen to get in.

gorodenkoff/Getty Images

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.