A cybersecurity breach can occur despite data loss prevention efforts. What your organization does after a breach can make all the difference in limiting the impact of an attack.
When hackers exploit your organization’s vulnerabilities, it’s essential to identify your unique needs and respond accordingly. Here are some steps to respond and recover after a cyber event.
1. Stick to and train on your cyber attack protocol
Your organization has a specific cyber attack protocol in place for a reason. But during the stress of an attack, it can be tempting to veer from the plan and act impulsively. Examples include notifying employees earlier than planned or making changes to security measures before identifying the issue, both of which can disrupt response best practices.
Remember that it’s essential to stick to your playbook and center your organization’s needs in this time of turmoil. Then, follow the response plan closely to keep your team’s response on track. Doing so will help your organization focus on mitigation without disrupting daily operations and help minimize the impact on patient care.
Regular practice in the form of tabletop exercises can instill both proficiency and retention of the protocol, which yields efficient execution and calm during tumultuous situations.
2. Identify the attack chain
After a data breach, every healthcare organization should ask, “What went wrong? What exactly happened that allowed hackers to access our vulnerabilities?”
Investigate how the hackers accessed your network, which type of data they accessed, and whether any internal errors contributed to the issues.
While large-scale cybercriminals similarly attack organizations, some security breaches will be more difficult to understand. So take the time to identify the problem before you notify employees, patients, vendors, and the public.
3. Take legal measures
HIPAA regulations and other healthcare laws play a role in how your organization responds to a data breach. You first want to ensure that your team knows the laws and how they pertain to your facility. From there, you’ll need to work with your legal team.
Your legal team can help notify the Department of Health and Human Services (HHS) of the breach while providing guidance on communicating with employees, affected parties, and the media. They can also recommend when and how to notify law enforcement.
Every organization is unique and should approach these communications carefully. This also requires that your legal team be involved in and aware of their role during incident response procedures. The sooner you include them in the plan and the conversation, the better.
4. Control the narrative
It’s important to have a crisis communication plan that fits the makeup of your organization. Your IT team will likely need to collaborate with your internal communications team to notify employees about the breach. Ensure you are communicating at the right time and only to those that need to know.
Before all the facts are available, leaks to the media can exacerbate the situation, making a recovery more difficult and costly. Be sure that qualified personnel is available to answer questions, as your employees will likely have concerns about future security.
5. Notify other affected parties
As part of your data breach response plan, it’s essential to have a list of parties who may have been affected. These are the groups and individuals you may need to notify when an attack happens. For example, some of the parties on the list may be patients, vendors, and partner organizations.
You’ll want to make sure that you work with your legal counsel and PR team to ensure that the notification aligns with your organization’s brand and message. Remember that communication after a data breach is about maintaining trust and remediation.
6. Strengthen security measures
Identifying the risk, seeking legal counsel, and notifying the right parties are key first steps. However, you want to strengthen security measures immediately. There are a few steps that healthcare organizations should take to safeguard their systems:
- Change passwords on all accounts and devices
- Implement multifactor authentication
- Start monitoring financial accounts
- Double-check security at physical entry points
- Take affected equipment offline if necessary (do not turn off)
As each organization is different, these measures will vary for facilities of various scopes and sizes. Stick to your cyber attack response protocol to ensure that your bases are covered.
7. Learn and improve
Your IT team knows what caused the data breach, so consider what changes are necessary to improve your security posture. There are a few preventative measures that organizations can take:
- Training: If the issue was internal, consider employee security awareness training or professional consulting
- Third-party risk assessments: Some organizations will need to strengthen their third-party risk management program and vet potential vendors more thoroughly
- Network monitoring: Better network monitoring may also be the key to catching cyber threats earlier.
- Existing security: Fine-tuning and configurating existing security measures can lead to stronger cyber posture
The best approach to cybersecurity varies by organization. For example, large hospitals may need to do a complete sweep of their third-party vendors and connected medical devices, while smaller medical offices may need to strengthen their email security. Either way, it’s essential to identify the potential threats and plan for mitigation.
8. Contact a professional
The days and weeks after a data breach can be overwhelming. Your IT team may not know the best way to recover from the event and cover your specific needs. Third-party cybersecurity services may be an effective solution for organizations dealing with cyber incidents.
A healthcare cybersecurity firm is an excellent resource for identifying vulnerabilities, ensuring compliance, and forming an Incident Response plan. In addition, they may recommend services like penetration testing and vulnerability threat management to help educate and empower your organization.
From more insights, learn how OrthoNebraska Hospital is applying these strategies to protect their organization and patients, and strengthen their cybersecurity posture.
