How to Protect Sensitive Business Information from Cyber ​​Attacks

Establishing and maintaining effective systems to protect sensitive personal data and confidential business information from outside interference, while ensuring that privacy interests are protected is one of the highest priorities of an organization. Implementing, monitoring, and continuously updating these precautions define an organization’s first line of defense. But what happens if an organization actually suffers a breach? Is there guidance available, especially for healthcare organizations, to deal with continuity and disaster planning (BC/DR) to ensure resiliency and recovery in the event of a potentially catastrophic cyber attack?

Recently, the Healthcare and Public Health Sector Coordinating Committee (HPHSCC) issued a Operational Continuity – Cyber ​​Incident (OCCI) Checklist Helping healthcare organizations maintain operational continuity as they recover from cyberattacks. The guidance comes at a critical time when U.S. healthcare organizations face increased cybersecurity risks.really a drama Zero-day attacks increasedand Especially ransomware attacks,Plus Increased costs of recovering from cyberattackss, emphasizing resiliency, continuity, and disaster planning is now more important than ever. Yet while it’s clear that “an ounce of prevention” may be worth “a pound of cure” in healthcare, many organizations are still struggling with how to implement or update their contingency plans.

Cyber ​​Risks Growing After Russia-Ukraine Conflict

For the past few years, the Cybersecurity and Infrastructure Security Agency (CISA) has been tracking the activities of malicious hackers and found Healthcare and public health are increasingly prime targets for cyberattacks Malware (often ransomware), data theft, and disruption of healthcare services are involved.Although we have described this enhanced risk BeforeRussia’s continued invasion of Ukraine and its impact on the regional and world economy, according to CISA data last month, exposes organizations to greater growth Attacks from state-controlled cyber actors. this American Hospital Association echoes Given this expanding threat, healthcare facilities need to take extra precautions

Adverse effects on medical institutions

It goes without saying that cyberattacks can cause severe operational disruption, financial stress, and even harm to patients. Recent experience highlights the fact that the healthcare sector’s growing reliance on digital infrastructure and solutions increases the risk of these disruptive consequences. Many healthcare organizations have implemented specialized interconnected information technology systems, including electronic health records, electronic prescribing solutions, practice management tools, and clinical decision support algorithms—any of which could be vulnerable to cybersecurity attacks.The vulnerability of technology systems has been magnified during the COVID-19 pandemic, which has greatly stimulated healthcare organizations Embrace IoT and deploy an equally vulnerable remote monitoring solution to attack.[1]

Medical safety regulations provide limited guidance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides a useful starting point for healthcare organizations to establish their emergency resiliency and recovery policies and procedures.In fact, such a plan is HIPAA Security Rules, designed to ensure that healthcare organizations take steps to protect the confidentiality, integrity, and availability of an organization’s protected health information when recovering quickly from an attack. Organizations seeking to develop these plans will also benefit from implementing “recognized security practices” as referred to in the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2021. As we’ve previously described, the HITECH Act directs the Department of Health and Human Services to “consider certain generally recognized security practices that cover entities and business associates in making certain decisions” to address fines, audit findings, or other potential HIPAA violations Remedies. Adopting these best practices provides healthcare organizations with viable incentives.

The OCCI checklist is designed to “provide operations staff and executive management with a flexible template for responding to and recovering from prolonged enterprise disruptions caused by severe cyberattacks”. The list is of value to organizations of all sizes and complexity—whether it’s a small physician group, a regional emergency clinic, or a national hospital system. To serve these various entities, the checklist is divided into ten role-based modules that are aligned with the Incident Command System, while also allowing organizations to improve or modify the modules to align with the organization’s size, resources, and capabilities. These role-based modules describe the necessary leadership functions required in the first 12 hours following a cybersecurity incident:

  • Incident Commanderwho provides overall strategic direction for all site-specific response actions and activities.

  • Medical Technologist (Subject Matter Expert/Consultant)who advise the Incident Commander or Section Chief on issues related to the response; and provide understanding and communicate specific impacts and recommendations based on their area of ​​expertise.

  • press officeras a conduit for information to internal and external stakeholders, including site personnel, visitors and families, and the news media, as approved by the Director of Cyber ​​Security, IS/IT, and the Incident Commander.

  • connectionresponsible for coordinating communications with external partners for PIO, Med-Tech, IS/IT department heads

  • security personnelto identify, monitor and mitigate safety risks to patients, staff and visitors during prolonged mass outages.

  • Operations Section Chiefwho develops and recommends strategies and tactics to continue clinical and non-clinical operations during incident response and recovery.

  • Planning Section Chiefwho oversees all event-related documentation related to event operations and resource management; initiates long-term planning; conducts planning meetings; and prepares event action plans for each operational period.

  • Chief of Finance Sectionwho oversees the use of financial assets and the accounting of financial expenditures; and oversees the documentation of expenditures and expense reimbursement activities.

  • Chief of Logistics Section, who organizes and directs the required service and support activities to ensure that the field responds to the material needs of the incident.available when needed

  • Intelligence (IS/IT) Section Chiefwho provides technical response, continuity, and recovery recommendations; collaborates with cybersecurity to inform incident response decisions and activities; and coordinates intelligence and investigative efforts.


[1] See Journal of Oral Biology and Craniofacial Research (Jan. 30, 2021) – Internet of Things (IoT)-enabled healthcare helps meet the challenges of the COVID-19 pandemic

©2022 Copyright Epstein Becker & Green, PC.National Law Review, Vol. XII, No. 139

Leave a Reply

Your email address will not be published. Required fields are marked *