Healthcare Cybersecurity Preparedness and Response

By Dave Wojs

In 2020, a single data breach of Trinity Health in Michigan exposed 3.32 million sensitive records. Attackers took a far larger haul, 78.8 million records, when they breached health insurance provider Anthem, Inc. A single breach can give attackers access to millions of patient records that they can use to file fraudulent tax returns, execute identity theft schemes, and commit other kinds of fraud.

While it may be impossible to prevent a hacker from attempting to breach a healthcare company’s network, there’s a lot that providers can do to prepare ahead of time to minimize downtime and boost resiliency.

Presume you’re going to be attacked—and prepare

While finding ways to prevent a cyberattack is important, it is safest to presume an attacker will penetrate your defenses. Some organizations are so focused on remediating every known vulnerability that they overlook the possibility of an attacker getting in by a route no scan predicted, such as a phished credential or a compromised vendor. By having a practiced response process and working with experienced disaster mitigation vendors, personnel at your organization can feel more confident, comfortable, and prepared.

Questions to ask to assess your resiliency system

Your healthcare organization must honestly and transparently assess its current infrastructure to ensure an adequate resiliency system. The question to ask is, "Will my continuity system still operate, and will I still be able to reach it, if my primary infrastructure is compromised and I am locked out of it?"

Here are some questions to help you analyze your level of preparedness in the event of a cyberattack:

  • If your main system goes down, do you have a plan to communicate with all who need to be involved? This communication plan needs to rely on out-of-band technology: hosted separately from your campus network and protected by separate credentials, so that an attacker who controls your primary environment (and the single sign-on behind it) cannot read or disrupt your response communications.
  • How can you manage risk related to cybersecurity and vulnerability? Managing your risk involves assessing which systems may be impacted and the kinds of digital assets most attractive to hackers. Some of these may include:
    • Patient payment data
    • Patient health records
    • Research data pertaining to the development of medicines or vaccines
    • Employee identification information, such as names, addresses, Social Security numbers, and contact info
    • Employee payment information, including bank info collected by HR for automatic payments or other financial transactions
  • Do you have people or providers in place who thoroughly understand the compliance requirements that apply to healthcare organizations? During a business continuity incident, the people or providers with this knowledge provide a system of checks and balances to ensure you recover without missing regulatory obligations, such as HIPAA breach notification timelines and the evidence preservation needed to support them.

How to plan to meet business continuity objectives

To ensure you meet your business continuity goals, you can take the following measures:

  • Ensure you can access your communication plan. A pivotal factor in limiting, or eliminating, significant business continuity disruptions is where your mitigation communication system lives. Your organization needs a communication plan for the event of a cyberattack, and the documents associated with that plan need to be hosted outside the primary environment, with their own credentials, so that losing the main network (or deliberately taking it offline during containment) does not also take the plan with it. That way your communication infrastructure is still up and running even if your main system goes down.
  • Break down communication barriers. To ensure everyone is on the same page and understands the status of the mitigation and recovery plan in real time, your organization needs to communicate through a single, centralized system. This lets you coordinate the response, getting all hands on deck in a unified effort to rebound as quickly and completely as possible. Your communication hub should also hold the disaster recovery resources (runbooks, contact lists, vendor escalation paths) that streamline the resiliency process.
  • Share your most critical data. Data sharing is a foundational component of any preparedness and response strategy, and it needs someone who understands healthcare cybersecurity requirements to oversee it. Your healthcare organization should be ready to share its most business-critical data efficiently, securely, and in accordance with HIPAA regulations, through a system that reaches all campuses, stakeholders, and decision-makers. For example, if an attacker penetrates a system storing sensitive documents, you may need to make crucial decisions quickly to get that system back up and prevent further intrusion or data exfiltration. When you can share your most critical system data securely, you can assess and mitigate the damage as a team, presenting a united front against the attack.

Essential cyber hygiene

While your organization should act as if it will be attacked at some point, you must also take the proper steps to bolster defenses. The following steps can significantly reduce the chance of an attack, as well as the potential fallout of a breach:

  • Review administrator accounts and remove unused or unnecessary users and service accounts. Dormant accounts, especially ones with passwords that never change, are an easy access point for attackers because no one notices when they are used.
  • Apply least-privilege access and secure the most sensitive and privileged credentials. With least privilege in place, each account holds only the permissions its role needs, so a compromised account exposes less; privileged credentials additionally belong behind multi-factor authentication and a managed vault rather than in shared spreadsheets.
  • Review all authentication activity for remote access infrastructure (VPNs, remote desktop gateways, vendor portals). By checking who has accessed your systems, when, and from where, you can spot the patterns that indicate an attack: logins from locations a user has never used, bursts of failed attempts followed by a success, or privileged logins outside working hours.
  • Secure and manage systems with up-to-date patching. Most intrusions exploit vulnerabilities that already have a fix available; patching promptly closes those known holes before attackers reach them.
  • Use anti-malware and workload protection tools. Anti-malware tools can detect and stop attacks, and report on their nature and source. Workload protection tools monitor servers, virtual machines, and containers for exploitation, tampering, and risky configuration. Note that neither category absorbs a distributed denial of service attack; that takes dedicated DDoS mitigation in front of your network.
  • Isolate legacy systems. Legacy systems often carry outdated security measures or unpatchable vulnerabilities, usually because the manufacturer stopped supporting and updating them. Segment them on their own network, allow only the connections they need, and treat them as already compromised when designing what sits next to them.
  • Enable logging of key functions, such as authentication, remote access, and privileged actions, and forward the logs to a store the attacker cannot erase. This gives you the data you need to determine how and when an attack began.
  • Validate your backups. A backup is only validated once you have restored from it and confirmed the result is complete and usable. Keep at least one copy offline or immutable so that ransomware that reaches your production systems cannot encrypt the backups too.
  • Verify your cyber incident response plans are up to date. An older incident response plan may not include action plans for the most recent kinds of attacks, so periodically review what you have in place and exercise it.
  • Review your ransomware protection plans. Ransomware has been on the rise, so reviewing your protection and response plans is necessary to prepare for what has become an increasingly common attack vector.
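The account-review and authentication-review items above are the two hygiene steps most easily turned into a repeatable check. The script below is an added example for this article, not Juvare's or the author's code. It assumes a hypothetical VPN log format (one line per attempt with user, source IP, country, result and role) and a constructed account export; the log lines, account names and timestamps are made up for illustration. It flags three of the patterns named above, a login from a source the user has never succeeded from, a burst of failures followed by a success, and a privileged login outside working hours, and lists administrator accounts that have not logged in recently.

```python
"""Review remote-access authentication activity and administrator accounts.

Added example for this article; not Juvare's or the author's code. The log
format, accounts and timestamps are constructed for illustration only.

Assumed (hypothetical) log line format:
  <ISO-8601 timestamp> user=<name> src=<ip> geo=<country> result=<success|failure> role=<admin|user>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one user behaving normally and one admin account that
# succeeds at 03:12 from a new country right after four failed attempts.
SAMPLE_LOG = """\
2024-03-01T08:02:11 user=jsmith src=203.0.113.10 geo=US result=success role=user
2024-03-01T08:15:42 user=admin-ops src=198.51.100.5 geo=US result=success role=admin
2024-03-02T09:01:05 user=jsmith src=203.0.113.10 geo=US result=success role=user
2024-03-03T03:12:09 user=admin-ops src=192.0.2.77 geo=RO result=failure role=admin
2024-03-03T03:12:14 user=admin-ops src=192.0.2.77 geo=RO result=failure role=admin
2024-03-03T03:12:19 user=admin-ops src=192.0.2.77 geo=RO result=failure role=admin
2024-03-03T03:12:25 user=admin-ops src=192.0.2.77 geo=RO result=failure role=admin
2024-03-03T03:12:31 user=admin-ops src=192.0.2.77 geo=RO result=success role=admin
2024-03-03T10:30:00 user=jsmith src=203.0.113.10 geo=US result=success role=user
"""

# Constructed account export: (account name, role).
SAMPLE_ACCOUNTS = [
    ("admin-ops", "admin"),
    ("svc-backup-old", "admin"),  # service account nobody uses any more
    ("dr-legacy", "admin"),       # former staff member still holding admin
    ("jsmith", "user"),
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) geo=(?P<geo>\S+) "
    r"result=(?P<result>success|failure) role=(?P<role>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_anomalies(events, failure_threshold=3, window=timedelta(minutes=5),
                   work_hours=(7, 19)):
    """Return (kind, user, detail) findings, evaluated in timestamp order.

    new_source: success from an (ip, country) this user never succeeded from;
    failures_then_success: >= failure_threshold failures from the same user+ip
    within `window` before a success; off_hours_admin: admin success outside
    work_hours. The first success per user only seeds the baseline.
    """
    findings = []
    seen = defaultdict(set)       # user -> {(src, geo)} from earlier successes
    failures = defaultdict(list)  # (user, src) -> timestamps of failures
    for ev in events:
        key = (ev["user"], ev["src"])
        if ev["result"] == "failure":
            failures[key].append(ev["ts"])
            continue
        src_geo = (ev["src"], ev["geo"])
        if seen[ev["user"]] and src_geo not in seen[ev["user"]]:
            findings.append(("new_source", ev["user"],
                             f"first success from {ev['src']} ({ev['geo']}) at {ev['ts']}"))
        seen[ev["user"]].add(src_geo)
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= failure_threshold:
            findings.append(("failures_then_success", ev["user"],
                             f"{len(recent)} failures from {ev['src']} then success at {ev['ts']}"))
        failures[key].clear()
        if ev["role"] == "admin" and not work_hours[0] <= ev["ts"].hour < work_hours[1]:
            findings.append(("off_hours_admin", ev["user"],
                             f"admin login at {ev['ts']} from {ev['src']}"))
    return findings


def stale_admins(accounts, events, max_idle_days=90, now=None):
    """Admin accounts with no successful login within max_idle_days (or ever)."""
    now = now or max(e["ts"] for e in events)
    last_ok = {}
    for ev in events:                      # events are sorted, so last wins
        if ev["result"] == "success":
            last_ok[ev["user"]] = ev["ts"]
    stale = [name for name, role in accounts if role == "admin"
             and (name not in last_ok or now - last_ok[name] > timedelta(days=max_idle_days))]
    return sorted(stale)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for kind, user, detail in find_anomalies(evs):
        print(f"[{kind}] {user}: {detail}")
    print("stale admin accounts:", stale_admins(SAMPLE_ACCOUNTS, evs))
```

On the sample data the script raises all three alerts for admin-ops and reports svc-backup-old and dr-legacy as admin accounts that have never authenticated. The thresholds are deliberately parameters: the right failure count, time window and working hours differ between a clinic and a 24-hour emergency department, and a rule tuned for one will drown the other in noise.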

By taking the above steps, you can have the confidence to focus on supporting patients, partners, and other key stakeholders. A dependable communication system can, in the event of an attack, make the difference between minutes and hours of downtime. It’s best to identify solutions now so you can rest assured you’re ready for whatever hackers throw at your network.

Dave Wojs is senior director of public health and healthcare at Juvare, a leader in emergency management solutions for public and private organizations that need to optimize their resiliency strategies. Juvare’s solutions are adopted by a broad range of industries, including healthcare, aviation, education, and utilities, as well as state and local government, federal agencies, and government defense organizations.