Cybersecurity incidents are on the rise in the healthcare industry. This year alone, we’ve seen some of the largest and most alarming healthcare data breaches in history, including those related to the American Medical Collection Agency, insurer Dominion National, and Inmediata Health Group, just to name a few. These data breaches have affected millions of patients, putting their sensitive healthcare information at risk.
The number of healthcare data breaches keeps going up year after year. In 2018, the healthcare sector saw 15 million patient records compromised across 503 breaches, which was three times the number seen in 2017. Third parties, malware, and phishing attacks contributed to most of these hacks, proving that the healthcare industry is far from immune to cyberterrorism.
If your facility has been the victim of a cyberattack, find out what to do next, so you can protect your IT system from future incidents.
Create a Response Plan
Every healthcare facility or system needs to have a cybersecurity response plan in place in case a cyberattack occurs. This includes assembling a critical response team that can help your facility navigate the aftermath of an attack and prevent more information from being compromised. The team will be responsible for updating and managing your facility’s cybersecurity system. They should also keep up with the latest healthcare IT news, including the HIPAA Journal, to make sure your system is up to date. Healthcare cybersecurity trends tend to change on a dime, so your team needs to stay vigilant.
The response plan should include steps for safeguarding your facility’s healthcare system, reporting the incident to local authorities, and bringing the system back online once the threat has been neutralized. In the event of a cyberattack, team members also need to survey the scope of the damage, including whether files were downloaded or viewed, how many patients were affected, and how this information may be used against your facility.
Contain the Breach as Much as Possible
Once you and your team become aware of the breach, everyone needs to do their part to contain the leak of information. This usually includes changing administrator passwords and usernames, segregating hardware from critical devices and relocating them to a separate server, quarantining malware and suspicious files before deleting them, preserving firewall settings and security logs, and restricting Internet traffic so only authorized personnel can access the system.
Time is of the essence during the aftermath of a cyberattack. The longer you wait, the more information may be exposed. Create communication protocols to keep your team in the loop if a cyberattack occurs so that everyone can complete these steps as quickly as possible.
Staying calm during the aftermath of a data security breach isn’t always easy, especially if you and your team have never encountered a situation like this in the past. While you may be tempted to wipe out your entire system in order to delete the virus, you need to gather evidence regarding the breach. Your report should include the following information:
- How and when you learned of the suspected breach, including the specific date and time
- What you were told in the notification
- All actions taken after you received the notification
- The date and time you disconnected health information systems from the Internet
- If and when you changed account credentials/passwords
- Any other remediation steps taken
You can report a suspected breach to the U.S. Department of Health and Human Services Office for Civil Rights. Its website includes a list of all ongoing and reported incidents, so you can learn more about your current situation and how other facilities responded. You can also find a list of data security resources and response protocols to help reinforce your IT system.
Alert Affiliates and Business Partners
Once you’ve gathered and documented all information regarding the attack, you will need to contact your business partners and the general public. Creating a public relations strategy is key to overcoming a data security breach. Some of your patients and customers may lose faith in your facility’s ability to protect their personal information.
You’ll need to release a statement documenting the facts of the breach, how many people may be affected, what kinds of information may have been compromised, as well as any steps taken to remediate the breach and how your facility plans to secure this information going forward.
Repair Your Healthcare Data IT System
Lastly, you’ll need to reinforce your healthcare data IT system to prevent hacks from happening in the future. You may want to hire an investigator to audit your system and investigate the attack. Cooperate with HHS officials to learn more about the attack and how you can best protect your system from malware and other cybersecurity threats.
Opening suspicious emails, downloading files, and clicking on unfamiliar links are some of the main contributors to cyberattacks. Educate your team on how they can best protect themselves from these kinds of attacks, such as flagging suspicious emails and forwarding potential malware to your IT team.
Preventing and responding to healthcare IT data breaches can be a stressful ordeal for you and your entire team, but you’re not alone. Hundreds of facilities and health systems have been victims of these kinds of attacks in recent years. Reporting potential breaches will help officials and your facility safeguard important health information in the future.