Joint guidance on managing the cybersecurity tactical response has recently been published by the Healthcare and Public Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC). The guidance details some of the methods that can be used by healthcare organizations to manage cybersecurity during pandemics and other emergency situations.
Healthcare organizations have had to change operating procedures during the pandemic and are battling to provide treatment and medical services to patients at this extremely challenging time. Many healthcare providers have switched to telehealth services to try to prevent further infections, with those services often provided by clinicians working from home. The change in operating procedures and speed at which those changes have had to be applied have resulted in vulnerabilities being introduced. Many threat groups have seized the opportunity to attack healthcare organizations during the COVID-19 pandemic. Phishing, malware, ransomware, and domain attacks have all increased and remote workers are being targeted.
“While the COVID-19 pandemic has fundamentally changed the landscape, it’s not unusual to make sudden and drastic changes to technology platforms that support an organization’s crisis management activities,” explained the authors of the report. “These changes can introduce new vulnerabilities and new attack vectors.”
The Health Industry Cybersecurity Tactical Crisis Response Guide (HIC-TCR) can be used by healthcare organizations of all sizes to develop and improve their cybersecurity programs. Smaller healthcare organizations have most to gain from the guide, but it is also useful for larger healthcare providers as a checklist to make sure that their existing emergency response procedures cover all the bases.
The guide consists of four focus areas: Education and outreach; enhancing prevention measures; detection and response; and taking care of the team. Educating the workforce is essential. The guide details some of the methods that can be adopted to improve communication and response times, and maximize the effectiveness of the emergency cybersecurity plan. Prevention is critical. Healthcare organizations need to take steps to thwart attacks before they occur by reducing the attack surface and ensuring vulnerabilities are fixed.
Detection and response requires policies and procedures to be established to ensure potential cyberattacks are rapidly identified. Healthcare organizations should also leverage threat intelligence and take steps to block the attack methods that have been used in attacks on other organizations. It is also important not to forget the workforce. Employees will be having a difficult time and will naturally have concerns about their work. Healthcare organizations must take care of the team and reassure their employees, ensure their well-being, and conduct self-assessments to evaluate how well they are handling the crisis.
You can download the Health Industry Cybersecurity Tactical Crisis Response Guide on this link.