What’s Your Cybersecurity Incident Response Plan?

As an agency that operates in the healthcare sector, you’ve probably heard how it’s no longer a matter of “if” but “when” you’ll be exposed to a cyberattack. You’ll be in the best available position to overcome one if you have an established incident response plan, detailing exactly what you intend to do the moment an attack occurs. This allows your team to prepare so that their reaction times are faster, more decisive, and better informed, rather than relying on any split-second choices made “in the heat of the moment.” Here’s a breakdown of what your plan can include, a couple of recent threats to the industry, and how a partnership with HCRS can help you protect your data.

1. Expect Ransomware

Chances are that any cyberattack you experience will be some form of ransomware. In the past, this was mostly automated malware, but today’s criminals have been known to work in coordinated teams referred to as RansomOps.

First, decide whether you’re willing to pay a ransom in order to regain access to any data you’ve lost. Keep in mind that even with a decryption key, organizations are lucky if they retrieve most of what was stolen from them. The choice to pay could also risk your reputation, encourage a repeat attack from the same hacker, or possibly violate federal law, notes Health Tech.

Second, maintain established, compliant backups of your data that you can rely on to keep your operations running, rather than face downtime and additional financial damage.

2. Inform the FBI

The Federal Bureau of Investigation can coordinate with your IT team to try and identify the perpetrators of an attack, says HealthcareITNews.

It’s important that you confirm the point at which you intend to contact them. Health Tech advises using legal counsel to make this determination, as well as for any disclosures to the public.

3. Consider Insurance

Health Tech also notes that cybersecurity insurance has become more commonplace, particularly for hospital systems. Using it can bring a certain financial peace of mind, and can also be an impetus from both your organization and your insurance provider to verify that your IT team has the best available tools at its disposal.

4. Follow the CMMC

We mentioned recently how the DoD has updated its guidelines for the Cybersecurity Maturity Model Certification, which is required of all agencies bidding for contracts with the government. Whether yours does or not, the policies and practices that are outlined in the CMMC are applicable to organizations across the industry, and can be just as easily adopted. In short: if you follow them, the better your network protection will be.

Current Threats

It’s important to stay up to date on all potential cyber threats to the healthcare industry. Here are two of the most recent that have been addressed by the Cybersecurity and Infrastructure Security Agency (CISA):

Apache Log4j. According to HealthITSecurity, this “extremely common Java framework” has a remote code execution (RCE) vulnerability that can be used to gain server access, download malicious binaries, and carry out ransomware attacks on a victim organization. A patch has been released that may offer partial protection, although not everything is known about this vulnerability, and legacy systems are likely at greater risk for compromise.

PrintNightmare. This high-severity RCE vulnerability “occurs when the Windows Print Spooler service inappropriately performs privileged file operations,” reports HealthITSecurity. It allows a bad actor to enroll a device to a dormant account, thereby gaining access to the network. You can find indicators of compromise (IOCs) and recommendations here.

Contact HCRS for Guidance

If you have questions or concerns about the steps outlined above, updates to the CMMC, or other tools for managing your data, we want to hear from you. Our team has extensive experience in these areas thanks to years of partnering with healthcare organizations and the federal government. When you’re ready, let’s schedule some time for a consultation.