The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Work Group has released an incident response template designed to help fill gaps in breach responses.
What’s new
This year, cybersecurity in the health sector continues to evolve as hackers become increasingly sophisticated. Many hospitals also face heightened strain from the lingering financial implications of COVID.
Paubox has stayed current in the changing landscape as new guidances and information is released on preventing and recovering from breaches.
The HSCC’s guidance is designed to fill a gap in response protocols seen thus far in the care of patients during a breach. The HSCC’s introduction states, “Unaddressed by the available guidance is the rippling operational impact on patient care unique to a healthcare cybersecurity incident.”
The overarching focus of the document is to help hospitals plan continuity in care even in the absence of critical technology. Furthermore, the guidance is designed to be a template for managers to use as they create hospital-specific protocols.
Related:
Going deeper
The 19-page document begins with incident identification. Their particular template is designed solely to assist in cyberattacks that result in a temporary loss of critical infrastructure. The plan is specifically designed for:
- Situations when business-critical information systems are unavailable
- An attack where endpoints (desktops/laptops/mobile devices) are unavailable
- An attack that could potentially spread to business-critical information systems or endpoints
The guidance also recommends the use of Cybersecurity Playbooks, which are operational plans for when specific, but not many, critical functions are temporarily lost.
The plan suggests outlining a governance team and operating under a command center. For external communication, the plan provides contact information for other relevant organizations, including the FBI and CISA, as well as what assistance a hospital can expect from these organizations.
Finally, the template offers a suggested containment strategy, which may vary depending on the cause of the cyberattack, as well as interim solution request information. The HSCC notes that a cyberattack can result in a longer-term loss of critical infrastructure. Hospitals should be prepared to consider the best interim solutions, whether requesting new technology, coordinating with other unaffected hospitals, or other solutions.
The big picture
The HSCC’s incident response plan is designed to be used with other strategies to repair infrastructure and prevent future breaches.
For any plan to be effective, it requires stringent preparation, practice, and flexibility. Considering the frequency and severity of breaches, hospitals should carefully review the template and adjust it to the needs of their clinic or hospital.
Related: HIPAA Compliant Email: The Definitive Guide.
Abby Grifno
