Data Breach Response: 8 Steps to Take for Your Organization’s Needs


In 2021, more than 550 organizations reported healthcare data breaches to HHS, impacting over 40 million individuals.

The reality is that cybersecurity breaches can occur despite data loss prevention efforts. What your organization does after a breach can make all the difference in limiting the impact of an attack. 

When hackers exploit your organization’s vulnerabilities, it’s essential to identify your unique needs and respond accordingly. Here are some steps to respond and recover after a cyber event.  

Stick to and Train Your Protocol

Your organization has a specific cyber-attack protocol in place for a reason. But during the stress of an attack, it can be tempting to veer from the plan and act impulsively. Veering might mean notifying employees earlier than planned or changing security measures before the issue has been identified, both of which can undermine response best practices.

Remember that it’s essential to stick to your playbook and center your organization’s needs in this time of turmoil. Then, follow the response plan closely to keep your team’s response on track. Doing so will help your organization focus on mitigation without disrupting daily operations and help minimize the impact on patient care. Regular practice in the form of table-top exercises can instill both proficiency and retention of the protocol, which yields efficient execution and calm during tumultuous situations.

Identify the Attack Chain

After a data breach, every healthcare organization should ask the central question: what went wrong? What exactly happened that allowed the attackers to exploit your vulnerabilities? Identifying the issues will help you build up your data security solutions based on your organization’s specific needs.

Investigate how the attackers gained access to your network, which types of data they accessed, and whether any internal errors contributed to the issues. Although large-scale cybercriminals often attack organizations in similar ways, some security breaches will be more difficult to understand than others. So take the time to identify the problem before you notify employees, patients, vendors, and the public.

Take Legal Measures 

HIPAA regulations and other healthcare laws play a role in how your organization responds to a data breach. First, you want to ensure that your team knows the laws and how they pertain to your facility. Then, work with your legal team to ensure that you’ve checked all the boxes and communicated with affected parties in the right way. 

Your legal team can help notify HHS of the breach while providing guidance on communicating with employees, affected parties, and the media. They can also recommend when and how to notify law enforcement. Every organization is unique and should approach these communications carefully. This also requires that your legal team be involved in, and aware of, their role during incident response procedures. The sooner you include them in the plan and the conversation, the better.

Control the Narrative

It’s important to have a crisis communication plan that fits the makeup of your organization. Your IT team will likely need to collaborate with your internal communications team to notify employees about the breach. Ensure you are communicating at the right time and only to those who NEED to know. Before all the facts are available, leaks to the media can exacerbate the situation, making recovery more difficult and costly. Be sure that qualified personnel are available to answer questions, as your employees will likely have concerns about future security. Remember, too, that a breach may warrant new security training for employees.

Notify Other Affected Parties

As part of your data breach response plan, it’s essential to have a list of parties who may have been affected. These are the groups and individuals you may need to notify when an attack happens. For example, some of the parties on the list may be patients, vendors, and partner organizations.

You’ll want to make sure that you work with your legal counsel and PR team to ensure that the notification aligns with your organization’s brand and message. Remember that communication after a data breach is about maintaining trust and remediation. 

Strengthen Security Measures

Identifying the risk, seeking legal counsel, and notifying the right parties are key first steps. However, you also want to strengthen security measures immediately. There are a few steps that healthcare organizations should take to safeguard their systems:

  • Change passwords on all accounts and devices
  • Implement multi-factor authentication
  • Start monitoring financial accounts
  • Double-check security at physical entry points
  • Take affected equipment offline if necessary, but do not power it off, since volatile evidence such as memory contents would be lost

Again, each organization is different, and these measures will vary for facilities of various scopes and sizes. Stick to your cyber-attack response protocol to ensure that your bases are covered. 

Lessons Learned

Your IT team knows what caused the data breach, so consider what changes are necessary to improve your security posture. Organizations can take preventative measures in a few ways. If the issue was internal, consider employee training or professional consulting. Some organizations will need to strengthen their third-party risk assessment program and vet potential vendors more thoroughly. Better network monitoring may also be the key to catching cyber threats earlier. Don’t dismiss the tuning and configuration of existing security measures, either.

The bottom line is that the best approach to cybersecurity varies by organization. For example, large hospitals may need to do a complete sweep of their third-party vendors and connected medical devices, while smaller medical offices may need to strengthen email security. Either way, it’s essential to identify the potential threats and plan for mitigation. 

Contact a Professional

The days and weeks after a data breach can be overwhelming. Your IT team may not know the best way to recover from the event and cover your specific needs. Third-party cybersecurity services may be an effective solution for organizations dealing with cyber incidents.  

A healthcare cybersecurity firm is an excellent resource for identifying vulnerabilities, ensuring compliance, and forming an incident response plan. In addition, they can recommend services like penetration testing and threat management to educate your team about current vulnerabilities. Many organizations will also benefit from outsourcing their cybersecurity program in a managed IT capacity, which can be a great preventative step.

Having a cybersecurity professional by your side in any capacity can enhance your cyber-attack preparedness, as well as your reputation as an organization. The team at Fortified Health Security works with healthcare organizations of all sizes to build, maintain, and improve cybersecurity programs. Located in Franklin, TN, our team offers support through threat assessment and intelligence, a healthcare security operations center (SOC), and advisory services, all based on your organization’s unique needs. Contact us today to get started.