Ensuring patient safety and business continuity: Healthcare leaders' guide to managing ransomware attacks

April 03, 2023

The staff should be particularly sensitive to any apparent glitches or unusual behavior in systems or networked medical devices that remain up and running. They will need to be prepared to escalate any concerns or issues to the appropriate people. Taking these systems offline if they are impacted by the incident may be necessary. Doing so before they impact patient safety is critical.

IT, security, and clinical engineering response
While the clinical team scrambles to address patient safety, the IT, IT security, and Clinical Engineering Teams need to be in active response mode.

Your Trusted Source for Sony Medical Displays, Printers & More!

Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.

There are several models that your organization may follow to prepare and respond to an incident. These models have different structures and terminologies, but they generally share the common goal of helping organizations prepare for, detect, respond to, and recover from cybersecurity incidents.

First, it is critical that your organization plan for an incident before it occurs. This includes conducting a business impact analysis (BIA) to understand the organization's critical business processes and system dependencies. The output of the BIA should become an input into incident, disaster, and business continuity plans.

Planning alone of course is not sufficient, the organization needs to build the capability to execute the plans and test them to make sure that they are sufficient and effective.

Next, your organization should be monitoring its environment so that an incident is identified early. This includes monitoring system logs, traffic, endpoint activity, and monitoring security devices like firewalls 24 hours a day, seven days a week.

When an incident is identified, your organization will need to contain the incident, eradicate the threat, and recover your systems and devices. The speed and ability with which this can be accomplished determine in large part the scale of the incident’s impact and the ultimate cost to your organization.

Leadership response
It is more important than ever that your organization’s leadership team is organized and active during the incident response. This team may include the CEO or COO, CIO, CISO, CMO, CNO, CCO, Legal Counsel, Communications Director, and potentially department heads.

They will need to be prepared to make decisions during the incident. For example, they will need to prioritize the response, balancing the need to protect critical assets, ensure business continuity, maintain patient and employee safety, and uphold patient trust.



You Must Be Logged In To Post A Comment Sign In If you've already created an account, use your email address and password to sign in using the form below. Login Problems: Click here if you are having login issues. Email address: Password: Forgot your password? Login Problems? View our Legal Notice and Privacy Notice Register Registration is Free and Easy. Enjoy the benefits of The World's Leading New & Used Medical Equipment Marketplace. Register Now!