Apr 01 2022

3 Shifts Driving the Need for Improved Incident Response in Healthcare

Worsening threats, new insurance mandates and changes to healthcare infrastructure create security challenges that incident response can help solve.

For healthcare organizations squaring off against today’s sophisticated cybercriminals, the stakes are high: A successful breach can result in potential disruptions to patient care, loss of private health data, reputational damage and even the risk of legal action.

Incident response programs help mitigate the impact of such events by enabling healthcare providers to act swiftly and thoroughly in the event of compromise. Many organizations already recognize the value of such a program, but in this global threat landscape, there is no such thing as being too prepared.

LEARN MORE: Explore processes, solutions and services for strengthening your incident response program.

Here are three important reasons you should consider adopting or expanding your incident response plans this year:

1. Ransomware Attackers Move Swiftly Once Inside Your Network

According to the cybersecurity website Dark Reading, median dwell time for all cyber incidents fell from 56 days to 24 days between 2020 and 2021. Although the drop is in part driven by organizations’ growing adeptness at detecting threats, the larger truth is much darker: Overall dwell time has decreased so significantly because today’s ransomware has a median of just five days on the network before locking organizations out of their systems.

“It’s going so quickly, so stealthily, that we don't even have as much time to catch inconsistencies before we’re already locked down,” says Mikela Lea, a CDW field solution architect focused on security assessments.

The reduced time from system infiltration to the arrival of ransomware demands makes it even more critical that IT teams have a plan in place for responding to incidents the moment an inconsistency is detected. That’s especially true in healthcare, where HIPAA Journal notes that at least five of the top 10 data breaches reported in January 2022 involved ransomware.

Click the banner below for access to exclusive HealthTech content and a customized experience.

2. New Insurer Mandates Make Incident Response a Wider Priority

Cybersecurity insurance policies can reduce the financial impact of a security incident in healthcare; however, with the ever-growing threat of ransomware and other attacks, insurance companies have become less willing to foot the bill for customers that aren’t taking precautions.

This reluctance can lead to one of two outcomes for organizations: Either they will not qualify for coverage if they don't have certain proactive measures in place, or they will pay higher premiums.

For some organizations, those consequences have drawn the attention of finance departments or other upper-level executives who previously did not have a hand in security. That means healthcare IT professionals should be prepared to defend their incident response plans if they come under the spotlight with new stakeholders.

3. Evolving Health IT Requires Governance and Security Documentation

The pace of change within the healthcare industry also reinforces the need for formal security policies and procedures. For instance, even before the COVID-19 pandemic accelerated cloud adoption and telehealth programs, providers consistently looked to digital innovations to deliver care and improve patient outcomes.

Nearly every technology change that healthcare organizations make can affect incident response planning. CDW’s Lea notes that even if an organization is just switching vendors for its emergency medical record system, it should have a clear governance framework in place. Who's going to have the ownership of it? How is it going to be managed? All of this needs to be documented ahead of time,” she says.

Sidestep Common Mistakes: Insufficient documentation is just one way your incident response plan can go awry. Discover more avoidable errors in the CDW white paper.

Mergers and acquisitions, which are common in healthcare, represent another area where documented security policies and procedures are incredibly important.

“We need to test those new environments before we add them,” Lea says, and a thoughtfully designed and executed incident response program helps ensure no stone is left unturned.

shapecharge/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT