By Chris Bowen
In just the past 24 months, the OCR (U.S. Department of Health and Human Services Office of Civil Rights) has publicly posted reports of security breaches from almost 400 healthcare providers, payers or life science organizations. These breaches negatively affect millions of people. The site is known as the Wall of Shame, and it’s the last place you want to see your organization listed.
In the past 24 hours, another provider, payer, or researcher has likely been hit with ransomware or some other form of malware. These prolific malware attacks are designed to destroy the victim. Sadly, I see many organizations wait until a crisis to talk about how to deal with one. That’s not optimistic, it’s fatalistic.

The time to develop (or improve and hone) your security incident response planning is now. There is a moral obligation to get this right. Is your team ready? Here are some tips to get started:
Begin with the data and build out layers of protection
You have to begin with the data. You need to understand what kind of data you have, where it lives, and with what dependencies. Then you can build out from the data, going back to a defense-in-depth strategy where you create perimeters of protection around your data. Think of it like defending a castle, with moats, walls, gates, and more. When an incident occurs, and one area is compromised, you can identify the risk, isolate it, and shore up security in other areas to minimize penetration and reduce damage.
Choose a HITRUST-certified managed service provider
Next, be sure you’ve done the due diligence in choosing your cloud-managed services provider. Whether your public cloud is AWS, Microsoft Azure or Google Cloud Platform, be sure they are HITRUST certified because they are going to play a key role in any security incident management and response efforts. Additionally, with cloud, healthcare and HITRUST expertise, your services provider is going to understand what a threat looks like and can thwart it before it ever becomes an issue. But it’s not all on your provider; as a healthcare organization you have shared responsibility. Be sure someone on your team has cloud and automation expertise so they understand how the pieces and parts move.
Build a comprehensive but concise plan
An employee clicking on an email can launch malware in seconds, and the response can cost you thousands of dollars a minute until the issue is resolved. That’s in addition to the care patients simply can’t get if their healthcare data is not available. You need a plan.