With recent news that the projected cost of the February cyberattack on Change Healthcare has risen to $2.3 billion and the widespread impact of the CrowdStrike outage on so much of the country’s infrastructure, it’s particularly relevant to discuss how critical cybersecurity is among healthcare practices right now.
According to Software Advice’s data security report, 42% of healthcare practices have had cybersecurity incidents, and 27% of those attacks directly impacted patient care. That’s not surprising when you consider that 87% of medical data is now digital, and 55% of medical practices allow employees access to more data than is necessary—leaving these practices even more vulnerable to breaches and cybercrimes. Perhaps the most alarming statistic, though, is that over a third (37%) of healthcare practices do not have a cybersecurity response plan in place to help manage the fallout of a cyberattack.
It is imperative that practices prioritize the creation, maintenance, and training of a comprehensive cybersecurity response plan to mitigate the threat of patient data breaches.
Our survey shows that most practices with cybersecurity response plans in place include the following in their protocols:
- Defined roles and responsibilities to identify who is responsible for each task
- Documented communication protocols
- Reporting requirements and contact forms
- A formal definition of a cybersecurity incident, including severity ratings and prioritization protocols
Once a plan is in place, practices should focus on shoring up vulnerabilities related to human error. They can do this by implementing stringent access controls and increasing employee training on cybersecurity best practices, both of which will serve to protect patient data and ensure practices are compliant with federal requirements.
While we’re lucky the CrowdStrike outage was not a malicious attack, the situation still teaches us some important lessons on how practices should plan to respond to an attack in the days and weeks after:
- Immediate Response: Activate your cybersecurity response plan immediately. Ensure all team members know their roles and responsibilities to avoid confusion and delays.
- Containment: Isolate affected systems to prevent the spread of the attack. Disconnect from the network if necessary.
- Assessment: Conduct a thorough assessment to understand the scope and impact of the attack. Identify what data has been compromised.
- Communication: Inform all stakeholders, including employees, patients, and regulatory bodies, about the breach and the steps being taken to address it.
- Recovery: Work on restoring systems from backups and ensure that all malware is removed. Validate the integrity of restored data.
- Review and improve: Analyze the incident to understand how it happened and what can be done to prevent future attacks. Update your cybersecurity response plan and protocols accordingly.
- Ongoing monitoring: Keep a close eye on your systems for any signs of residual threats or new attacks. Implement stronger security measures and conduct regular audits.
As the healthcare industry grapples with the complexities of digital data management, these measures are not just recommendations, they are necessities to safeguard patient data and maintain the integrity of medical practices.
Lisa Morris
Lisa Morris is an associate principal medical analyst at Software Advice, a company that simplifies software buying. Through one-on-one conversations and trusted insights, industry-specific advisors guide buyers to top software options in as little as 15 minutes.