An effective response requires that leadership communicate effectively. The team leading the response will need to make decisions on what information to convey, when to convey it, how to convey it, and to whom. The need to establish clear lines of communication and avoid conflicting information is critical.
Aligning communications and effort requires coordination across teams. The leadership team will need to make sure that everyone is on the same page during the response and working toward a common set of goals and objectives.
Ad Statistics
Times Displayed: 50454
Times Visited: 1437 Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.
Understanding and managing the risk to your organization should be a key consideration in identifying those goals and objectives. This might include everything from deciding whether to pay the ransom to determining what systems to shut down in response to the incident.
It is common that an organization will need to engage third parties during the response. The leadership team will need to be prepared to quickly identify and, when necessary, contract with these resources. This might include, for example, law enforcement, media, cybersecurity forensics, ransomware negotiators, and IT support.
As decisions are made and the plan executed, the leadership team should monitor progress by getting regular updates from across the organization. It is important that they stay informed, adjust the response as necessary, and continue to communicate effectively.
Final thoughts
After your organization recovers, your work is not done. The teams should conduct a post-incident review to identify lessons learned, determine the effectiveness of their incident response, and identify areas for improvement. This may involve updating the incident response policy and plan, revising security policies and procedures, improving security posture, providing additional training to staff, and ultimately improving the resiliency of your organization. The leadership team should make sure these things happen.
This is critical as the leadership team will also need to restore trust with the organization’s stakeholders. This will require transparency about the incident, demonstrating accountability, outlining the steps that will be taken in response to the incident, and reporting on progress toward those steps as the organization makes changes.
The days of relying on IT alone to respond to a cyber incident are over. Ransomware has changed the game. A holistic approach to response is required. Organizations need to make the investment of time and money necessary to mitigate the risk to their patients as well as their future financial health before an incident happens.
About the Author: Jon Moore is senior vice president & chief risk officer at Clearwater. He is an experienced professional with a background in privacy and security law, technology and healthcare. During an eight-year tenure with PricewaterhouseCoopers (PwC), Moore served in multiple roles. He was a leader of the Federal Healthcare Practice, Federal Practice IT Operational Leader, and a member of the Federal Practice’s Operational Leadership Team. Among the major federal clients supported by Moore and his engagements are the National Institute of Standards and Technology (NIST), National Institutes of Health (NIH), Indian Health Service (IHS), Department of Health and Human Services (HHS), U.S. Nuclear Regulatory Commission (NRC), Environmental Protection Agency (EPA), and Administration for Children and Families (ACF). Moore holds a BA in Economics from Haverford College, a law degree from Penn State University’s Dickinson Law, and an MS in Electronic Commerce from Carnegie Mellon’s School of Computer Science and Tepper School of Business.
Back to HCB News
