How to respond to a health system cyberattack
Healthcare organizations make for a uniquely vulnerable cyberattack target: Databases contain intellectual property and important research information in addition to extremely valuable personal health information (PHI), social security numbers, and financial information that can be sold on the black market for up to 50 times more than any other type of record, Trustwave reports.
Because hospitals and healthcare systems often rely on a shared network to achieve optimal patient care, hacking into one system can compromise hundreds of thousands of records. According to a 2022 mid-year report from Fortified Health Security, it took only seven data breaches to compromise 6.2 million records.
Healthcare organizations are also dependent on third-party vendors, like medical device supplies, insurance companies, and insurance companies. In 2022, of the 10 largest data breaches in healthcare, 90% came from third party vendors.
While prevention is the best form of security, these are the steps to take if a cyberattack does occur:
How to respond to a cyberattack
1. Isolate impacted systems
Ascertain which systems were affected, and isolate them. If it’s unclear, or if several systems were affected, it’s necessary to shut down the network in order to prevent the attack from worsening. If it’s not possible to shut down the entire network, then power off affected systems.
2. Determine and document the scope of the attack
Prioritize recovery based on the nature of the vulnerable data. Systems containing health and personal information should be first in line for recovery over any other system. Prioritizing systems allows organizations to recover faster and more efficiently from attacks. Document the event with detail.
3. Report cyberattack to authorities
The Federal Computer Fraud and Abuse Act makes cybercrime a federal crime, and the federal government provides many avenues to report cybercrime. It’s important to report cyberattacks to both the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). The checklist should go as follows:
- Submit a cyberattack to CISA.
- If a ransomware attack, submit a relevant report to the FBI.
- If a malware, phishing, or other attack, submit a relevant report to the FBI.
- In addition, organizations should report cyberattacks to report@cisa.gov or call (888) 282-0870
Federal law enforcement might be able to resolve ransomware, as security researchers have uncovered the encryption algorithm for some variants.
4. Inform stakeholders
If a data breach has occurred, it’s important to inform relevant stakeholders, such as patients or employees.
5. Go over security measures
Review what current systems are in place, and what needs to change to prevent a future attack. This may include updating software, strengthening the current security protocol, or improving security training for employees.
Related article: 5 tips for preventing healthcare system cyberattacks