
Why Doctors and Hospitals need an incident response plan


You’ve been breached. Now what? Perhaps valuable patient data has been stolen. Maybe hackers are demanding a ransom in exchange for your own data, which is now under their control. Hackers work around the clock planning breaches and attacks to get at your valuable patient health information, and they have a high rate of success. The breach or the attack itself is not the biggest problem; being unprepared for it is.

An incident response plan is a step-by-step guide for you to be able to quickly take action if you are affected by a breach, ransomware, or any security incident.

There is a range of attacks that can be carried out against a facility, so the first step in creating an incident response plan is to identify them all. If an attack has taken place, you first need to detect it and determine what has happened. The next step is to contain the problem and take corrective action, which may differ depending on the circumstances. There may also be legal repercussions, communications to patients and government entities (State Attorneys General, the Office for Civil Rights), data recovery, and much more to be done.

Recently, multiple hospitals have been in the news as victims of ransomware attacks in which their computer systems and/or data were locked down and would only be released if a ransom was paid. Patients and treatments were impacted, and the hospitals practically came to a standstill, losing revenue and damaging their reputations. In more than one case, ransoms were paid to return to normalcy. If clear, current incident response plans had been in place, these incidents could have had different outcomes.

The underground black market has become a thriving scene for private health data. Medical records fetch the highest price, making hospitals and medical facilities a prime target for cyber-attacks and putting them at constant risk of intrusion. HIPAA compliance requirements for the healthcare industry have become quite stringent. Considering that, more often than not, your patients’ data and lives may be adversely impacted by these attacks, can you afford not to have an incident response plan for your facility?

Rema Deo

Rema Deo is the CEO and Managing Director at 24By7Security, Inc. Rema is certified as a Health Care Information Security & Privacy Practitioner (HCISPP) from (ISC)2. She is also a Certified Information Security Manager (CISM) from ISACA. She holds a certificate in Cybersecurity: Technology, Application and Policy from the Massachusetts Institute of Technology, and a Certified Data Privacy Practitioner (CDPP) from Network Intelligence. She also has a Master of Business Administration Degree from Symbiosis Institute of Business Management in Pune, India and a Bachelor of Commerce degree from the University of Bombay. Follow along the 24by7Security blog to learn valuable insights from Rema.
