
Why Doctors and Hospitals Need an Incident Response Plan


You’ve been breached. Now what? Perhaps valuable patient data has been stolen. Maybe attackers are demanding a ransom for your own data, which is now under their control. Attackers work around the clock planning breaches and intrusions aimed at protected health information, and they succeed often. The breach or attack itself is not the biggest problem; being unprepared for it is.

An incident response plan is a step-by-step guide that lets you act quickly and consistently when you are affected by a breach, a ransomware infection, or any other security incident.

A range of attacks can be carried out against a facility, so the first step in creating an incident response plan is to identify the ones you are most likely to face and decide in advance who does what for each. When an incident occurs, you first need to detect it and determine what has happened. The next step is to contain the problem and take corrective action, which will differ depending on the type of incident and the systems involved: isolating an infected workstation is not the same as restoring an encrypted file server from backup. Then come the tasks that are easy to overlook under pressure: legal review, notifications to patients and government entities (State Attorneys General, and the HHS Office for Civil Rights under the HIPAA Breach Notification Rule, which generally requires notice within 60 days of discovering a breach), data recovery, and much more. The plan should list these contacts, deadlines, and responsibilities ahead of time so nobody has to work them out in the middle of the incident.

Recently, multiple hospitals have been in the news as victims of ransomware attacks in which their computer systems and data were encrypted and would only be returned if a ransom was paid. Patient care and treatments were affected, and the hospitals practically came to a standstill, losing revenue and damaging their reputations. In more than one case, ransoms were paid to return to normal operations. A current, rehearsed incident response plan, backed by tested offline backups, gives a hospital options other than paying, and could have produced different outcomes in these cases.

The underground black market has become a thriving scene for private health data. Medical records fetch among the highest prices of any stolen data, making hospitals and medical facilities prime targets for cyber attacks and intrusions. HIPAA compliance requirements for the healthcare industry have become quite stringent; the HIPAA Security Rule itself requires covered entities to implement security incident procedures for identifying, responding to, mitigating, and documenting incidents (45 CFR 164.308(a)(6)). Considering that, more often than not, your patients’ data and lives may be adversely affected by these attacks, can you afford not to have an incident response plan for your facility?

Rema Deo

As CEO and Managing Director of 24By7Security, Inc., Rema is a highly experienced and credentialed information security professional. Among her certifications are PCI Qualified Security Assessor (QSA) from PCI SSC, Health Care Information Security & Privacy Practitioner (HCISPP) from (ISC)2, and Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) from ISACA. She also holds a certificate in Cybersecurity: Technology, Application, and Policy from the Massachusetts Institute of Technology, and Certified Data Privacy Practitioner (CDPP) from Network Intelligence. She earned her MBA from Symbiosis Institute of Business Management in Pune, India, and her Bachelor of Commerce degree from the University of Bombay. Be sure to follow the 24By7Security Blog for valuable insights from Rema and her colleagues.
