How Healthcare Practices Should Respond to a Security Breach

Every organization has valuable data that cybercriminals can use to make money. Healthcare practices and facilities are more vulnerable because of the sensitive patient information they hold.

Healthcare breach costs have risen 53.3 percent since 2020. Healthcare breaches have been the most expensive for 13 years in a row.

It’s a matter of privacy and trust. Your patients are at risk if your data remains vulnerable.

So is your reputation.

It’s hard to recover from a data breach, especially for smaller practices. Because the possibility of a breach is more “when” than “if”, having a plan in place will help you reduce the risk of information being stolen, mitigate further damage, and get back on your feet as quickly as possible.

Start your response plan

From the moment you suspect a data breach, it’s critical to stop the intrusion and repair your systems as quickly as possible. This is easier if you have an incident response plan in place.

Immediate action will help you identify the origin of the breach and put a stop to it. This might involve updating credentials, taking servers offline, or contacting a response team to assist in the process.

This isn’t the time to start a Google search. Instead, you should have your plan in writing and refer to it to walk you through the steps to contain the breach and repair any damage that has been done.

Preserve evidence

It’s only natural to want to fix and recover your data quickly. However, without taking the proper steps and contacting the right people to walk you through the process, you could damage any evidence investigators may need to determine how the breach occurred. This can also leave gaping holes in your system, leaving you vulnerable to future breaches.

Having a plan in place can curb the urge to act hastily. Don’t wipe and reinstall systems until you have the support you need to assess the evidence and keep records as appropriate.

Contain the breach

Isolating the affected systems will help you prevent further damage. Disconnect them from the internet at the firewall or router. Disable all remote access points, and change the passwords on online accounts. Be sure to document every step you take, including old passwords.
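The evidence-preservation and containment steps above are far easier to defend later if every action is written down as it happens. The following is an added example, not code from this article or from Silver Linings Technology: a small Python hash-chained action log in which each entry commits to the one before it, so an investigator can tell whether the record was edited after the fact. The actors, hostnames, incident id and timestamps are constructed for illustration, and by design it records that a credential was rotated without placing the old secret in the log itself.

```python
# Hash-chained incident action log: an added example, not code from the article
# or from Silver Linings Technology. It records containment and evidence-
# preservation steps so an investigator can later see what was done, when, and
# by whom, and detect whether the record was altered afterwards.
import copy
import hashlib
import json
from datetime import datetime, timezone
from typing import List, Optional

GENESIS_HASH = "0" * 64  # anchor for the first entry's "prev" link


def _digest(fields: dict) -> str:
    """SHA-256 over a canonical JSON encoding of an entry (minus its own hash)."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class IncidentLog:
    """Append-only list of actions; each entry commits to the previous entry's hash."""

    def __init__(self, incident_id: str):
        self.incident_id = incident_id
        self.entries: List[dict] = []

    def record(self, actor: str, action: str, target: str, note: str = "",
               when: Optional[datetime] = None) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        entry = {
            "incident": self.incident_id,
            "seq": len(self.entries),
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "actor": actor,
            "action": action,
            "target": target,
            "note": note,
            "prev": prev,
        }
        entry["hash"] = _digest(entry)  # hash covers every field above, incl. prev
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """True only if every entry's hash and chain link still check out."""
        prev = GENESIS_HASH
        for i, entry in enumerate(self.entries):
            if entry["seq"] != i or entry["prev"] != prev:
                return False
            body = {k: v for k, v in entry.items() if k != "hash"}
            if _digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def build_sample_log() -> IncidentLog:
    """Constructed walkthrough of the containment steps described in the article.
    Names, hostnames, incident id and times are made up for illustration."""
    t0 = datetime(2024, 3, 14, 9, 2, tzinfo=timezone.utc)  # constructed timestamp
    log = IncidentLog("INC-EXAMPLE-0001")  # placeholder incident id
    log.record("j.doe", "suspected-breach", "ehr-app-01",
               "Unexpected outbound traffic reported by IT partner", t0)
    log.record("j.doe", "disconnect-network", "ehr-app-01",
               "Uplink pulled at the firewall; host left powered on", t0.replace(minute=10))
    log.record("j.doe", "disable-remote-access", "vpn-gateway",
               "All remote access accounts disabled", t0.replace(minute=15))
    log.record("j.doe", "rotate-credential", "svc-backup",
               "Old secret kept in a sealed offline envelope, not in this log",
               t0.replace(minute=20))
    log.record("forensics-partner", "preserve-evidence", "ehr-app-01",
               "Disk image and memory capture taken before any rebuild", t0.replace(minute=40))
    return log


def tampered_copy(log: IncidentLog) -> IncidentLog:
    """Simulate someone editing the record after the fact (changing one timestamp)."""
    altered = copy.deepcopy(log)
    altered.entries[1]["time"] = altered.entries[0]["time"]
    return altered


if __name__ == "__main__":
    sample = build_sample_log()
    print("sample log intact:", sample.verify())              # True
    print("after edit intact:", tampered_copy(sample).verify())  # False
```

The chain only proves that the log was not changed after entries were written; pairing it with write-once storage (or periodically handing the latest hash to your forensics partner) is what makes it useful as evidence.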

Start the response management process

It’s time to start connecting with your response team. This may include your technology partners, the U.S. Department of Health and Human Services (HHS), law firms, PR firms, and anyone else who will play a role in fixing the breach. The HIPAA Breach Notification Rule requires HIPAA-covered entities and their business associates to provide notification following any breach of unsecured patient data.

You should also have a plan for dealing with patients and the public. PR nightmares begin when employees release information before management has had the opportunity to inform the public. Designate a spokesperson and have rules in place to ensure employees understand the protocol for speaking about the breach.

It’s best not to jump to conclusions. Create specific statements that stick to the details, without relying on opinions or assumptions. Be sure to protect patient information and interests.

Fix your systems

If a cybercriminal found their way in, your system is vulnerable. Once all evidence is gathered and the problem is contained, it’s time to fix your systems and bring it all back online. This is where your IT team and any partners you bring on should question every step of the process:

  • Have all recommended changes been implemented?
  • Have all systems been patched and tested?
  • Are the tools you’re using secure from another attack?
  • Do you have a plan for preventing future attacks?

Create your long-term strategy

As the adage goes: Fool me once, shame on you; fool me twice, shame on me. A critical part of any recovery process is learning from it. If a weakness was found, you can bet criminals will probe for the same weakness again.

Don’t be caught unprepared. Use this experience to create a more robust incident response plan, making security a top priority in the future. This may be the perfect time to partner with an IT team that also has healthcare-related experience.

You don’t know what you don’t know. But that shouldn’t stop you from being prepared. There are ways to give your organization every advantage of being protected from future attacks.

What is your plan?

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.