Establishing and maintaining an effective program to protect privacy interests and to shield sensitive personal data and sensitive business information from external interference is one of any organization’s top priorities. The implementation, monitoring, and continuous updating of these precautions define the organization’s first line of defense. But what if the organization actually suffers a breach? Is there guidance specifically available to healthcare institutions on business continuity and disaster recovery (BC/DR) planning aimed at ensuring resilience and recovery in the event of a potentially catastrophic cyberattack?
Recently, the Healthcare and Public Health Sector Coordinating Council (HPHSCC) released the Operational Continuity-Cyber Incident (OCCI) Checklist to help healthcare organizations maintain operational continuity while recovering from cyberattacks. This guidance arrives at a critical time, when cybersecurity risks are high for US-based healthcare organizations. Indeed, the dramatic increase in zero-day attacks, especially ransomware exploits, coupled with the rising cost of recovering from cyberattacks, underscores that resilience, continuity, and disaster planning are more important than ever. Still, while it is clear that “an ounce of prevention” is worth “a pound of cure” in the healthcare arena, many organizations are still struggling with how to implement or update their emergency response plans.
Cyber risk increases in the wake of the conflict between Russia and Ukraine
Over the past few years, the Cybersecurity and Infrastructure Security Agency (CISA) has tracked the activity of malicious actors and has found that healthcare and public health organizations are primary targets of cyberattacks, including malware (mostly ransomware), data theft, and disruption of healthcare services. We have discussed this increased risk before, but according to CISA last month, the ongoing Russian invasion of Ukraine and its regional and global economic implications mean that organizations now face a further increase in attacks from state-sponsored cyber actors. The American Hospital Association has reiterated the need for medical institutions to take special precautions in light of this growing threat.
Adverse effects on medical institutions
Cyberattacks can cause serious operational disruption, financial stress, and even harm to patients. Recent experience highlights that the risk of these harmful consequences is heightened by the medical sector’s growing reliance on digital infrastructure and solutions. Many medical institutions operate sophisticated and interconnected information technology systems, including electronic medical records, electronic prescribing solutions, clinical management tools, and clinical decision support algorithms, all of which can be vulnerable to cyberattack. The exposure of these technology systems expanded during the COVID-19 pandemic, which strongly encouraged healthcare providers to adopt Internet of Things devices and deploy remote monitoring solutions that are themselves vulnerable to attack.[1]
Healthcare security regulations provide limited guidance
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides a useful starting point for healthcare organizations developing emergency resilience and recovery policies and procedures. In fact, such a plan is mandated by the HIPAA Security Rule, which requires covered entities to take steps to protect the confidentiality, integrity, and availability of protected health information so that the healthcare provider can recover quickly from an attack. Organizations seeking to develop these plans will also benefit from implementing the “recognized security practices” referred to in the Health Information Technology for Economic and Clinical Health (HITECH) Act, as amended in 2021. As previously explained, the HITECH Act directs the Department of Health and Human Services to “consider certain recognized security practices of covered entities and business associates” in making certain determinations regarding fines, audit results, or other remedies for resolving potential HIPAA violations. Adopting these best practices therefore provides a practical incentive for healthcare organizations.
The OCCI checklist is designed to “provide flexible templates for operations staff and executives to respond to and recover from long-term corporate outages due to severe cyberattacks.” The checklist is valuable to organizations of all sizes and levels of complexity, including small physician groups, community emergency clinics, and national hospital systems. To serve these diverse entities, the checklist is divided into 10 role-based modules aligned with the incident command system, and organizations can refine or modify the modules to suit their size, resources, and capabilities. These role-based modules describe the leadership functions required during the first 12 hours after a cybersecurity incident:
- Incident Commander: Provides overall strategic direction for all site-specific response actions and activities.
- Medical Technology Specialist (subject matter expert/advisor): Advises the Incident Commander or a Section Chief on issues related to the response, understanding and communicating specific impacts and recommendations within his or her area of expertise.
- Public Information Officer: With the approval of Cybersecurity, IS/IT managers, and the Incident Commander, serves as the conduit for communicating information to internal and external stakeholders such as site personnel, visitors, family members, and the news media.
- Liaison: Coordinates external partner communication with the PIO, the Med-Tech specialist, and the IS/IT Section Chief.
- Safety Officer: Identifies, monitors, and mitigates safety risks to patients, staff, and visitors during a prolonged, large-scale outage.
- Operations Section Chief: Develops and recommends strategies and tactics to continue clinical and non-clinical operations during incident response and recovery.
- Planning Section Chief: Oversees all incident-related documentation concerning incident operations and resource management; initiates long-range planning; conducts planning meetings; and prepares the incident action plan for each operational period.
- Finance Chief: Monitors the use of financial assets and the accounting of financial expenditures; oversees documentation of spending and expense reimbursement activities.
- Logistics Section Chief: Organizes and directs the service and support activities needed to ensure that the site has the critical resources required to respond to the incident, available as needed.
- Intelligence (IS/IT) Chief: Provides technical response, continuity, and recovery recommendations; partners with Cybersecurity to inform incident response decisions and activities; and coordinates intelligence and research efforts.
Footnote
[1] See Journal of Oral Biology and Craniofacial Research (January 30, 2021), “Internet of Things (IoT)-enabled health care helps tackle the challenges of the COVID-19 pandemic.”
© 2022 Epstein Becker & Green, P.C. All rights reserved. National Law Review, Volume XII, Number 139