
7 Critical Steps To Run a Cybersecurity Response Like a Trauma Incident

If your practice or clinic becomes a victim of cyberattack, how will your IT team respond? Will you immediately recognize the cybersecurity threat, or—more commonly—will malicious activity be embedded in your network for days before you’re aware of it? Do you have a plan to react, respond, and recover from the cyberattack?

A cybersecurity response should be run like a trauma incident

Like a medical trauma, a cybersecurity incident can be a critical turning point for your practice. Average six-figure ransomware demands—along with downtime costs that can multiply that amount by five to ten times, as well as regulatory fines—can be hard to recover from. And that doesn’t take into account the impact to your reputation and the human costs of delayed patient care.

Med Tech Solutions’ IT service delivery is modeled after the healthcare delivery system, so it should be no surprise that our approach to managing a cybersecurity incident is similar to how an emergency department runs a trauma incident.


Prepared team of specialists, following a plan

In the event of a cyberattack, there are strong, sometimes opposing forces at play. Do you pay the criminals, or is your security maturity at a level such that you can recover your systems through other methods and get the systems operational? Our goal is to help you develop an incident-response and recovery plan and have it in place prior to any potential cyberattack. That roadmap gives you the best chance of recovering systems without paying the ransom or experiencing significant downtime.

Equally important is the preservation of technical data. This helps you identify how the breach occurred, ensure that gaps in your security posture can be corrected, eradicate the malware from your environment, and provide the data needed by the legal teams, regulators, HR teams, PR teams, insurers, and more as required. The actions that the technical response team takes in the initial hours can dictate whether you are able to preserve the data you need to recover or whether it is lost forever.

Like a team of trained clinical crisis specialists, our highly skilled engineers, security consultants, and incident-response professionals act as a team working toward the same goal. Many of the same tenets that clinicians apply to an emergency situation also apply to a cybersecurity response. The more prepared you are for a cyberattack—just like any emergency—the better the expected outcome.


The following are 7 critical steps to create a trauma-style cybersecurity incident response plan:

1. Assemble an internal team that is responsible for these incidents. Make sure there is a leader and that you have covered the legal, technical, HR, and internal and external communications elements required for your business. Know those requirements in advance.

2. Bring in the right external experts well in advance of a breach. You don’t want to have to find and vet experts and bring them up to speed in the middle of a crisis. Make sure you have 24/7 expert resources identified and experienced with your systems:

    • Network operations center (NOC)
    • Security operations center (SOC)
    • Computer security incident response team (CSIRT)
    • Don’t forget your cyberinsurance broker and PR consultant

3. Prepare for any type of breach; they’re not all created equal. Define what is small, medium, and large within your environment and create a plan that is appropriate for each type of breach.

4. Create a corresponding set of actions and checklist for each breach type. Include who (and when) to activate along with a description of their roles and critical knowledge.

5. Make sure you know your legal and regulatory rights, obligations, and deadlines. Create an action-item checklist with deadline requirements, who to activate, and what critical knowledge will be required.

6. Review and update your plan regularly. Do this at least on an annual basis but more frequently if there are key personnel or regulatory changes.

7. Practice, practice, practice. When crisis strikes, you need all hands on deck, prepared and confident. Your team should practice for a cyberattack incident at least annually, but the more frequent the practice, the better your response will be in case of an actual incident.

Cybercriminals are relentless. Don’t fall victim to their increasingly sophisticated attacks.

One reason Med Tech Solutions is one of the leading healthcare-focused managed services providers in the U.S. is that we work the way healthcare practices work. Just as a patient might be attended by a primary physician with a cadre of specialists at the ready, our Practice-Centered Care approach to hosting, delivering, and maintaining safe and secure technology systems puts healthcare practices at the center of our work.

At Med Tech Solutions, security is the foundation of everything we do and every service we provide. We continue to invest in the leading security technologies and training, and partner with best-in-class organizations to make sure our clients’ systems are monitored, protected, and managed. An example is our unique security alliance—the healthcare industry’s first—that combines 24/7 managed cloud services, managed security operations center (SOC), and a computer security incident response team (CSIRT).

Contact us to learn about our complete platform of security services.

To get started right away, download our Cybersecurity Kit for Healthcare to guide you on the most important aspects of protection.