The first few minutes after a data breach at a health care organization can be chaotic. At a recent Newsweek event, cybersecurity leaders offered advice on how to begin remediation.
The webinar, "Is Your Hospital Cyber-Safe? How to Anticipate Unseen Threats," took place on April 10. An expert panel, including Theresa Lanowitz (chief evangelist at LevelBlue, formerly AT&T Cybersecurity), Michael Adams (chief information security officer at Zoom) and Trent Sanders (vice president for U.S. healthcare and life sciences at Kyndryl), spoke to and took questions from an audience of health care decision-makers.
Attacks on hospitals, health systems and their partners are becoming more sophisticated and more frequent, the panelists agreed. They recommended that hospital leaders formulate a plan for worst-case cyber scenarios.
In the first few minutes after a breach is identified, it's important to pull together relevant parties and begin working on next steps, Lanowitz said. This is where a formalized incident response plan really comes in handy—knowing who is responsible for what can ease confusion in stressful situations.

Adams agreed that it is vital to walk through a mock plan before disaster strikes. However, he advised hospital leaders to be mindful when selecting their core response team.
He offered two considerations for compiling the roster: "One is, do I have enough of the people who are the subject matter experts, the stakeholders, the doers in the room? And then secondly, am I able to keep in check those people who actually aren't going to add value, but potentially come in the room and can disrupt the flow?"
Sometimes, people who never participated in those "red team" exercises end up on the final response team, Adams said. They may have questions about established protocols—or encourage others to move too fast and skip steps.
"What you want, ideally, is that plan to be real and agile and to have prepared the core group of folks who are going to do the work to be positioned to be successful," he said.
Sanders added that from the IT teams' perspective, the first step of any response plan is to isolate and contain the threat—then begin recovery efforts.
The business itself must go through similar remediations, Sanders said. If electronic health records are down, systems might have to switch to paper. That raises new questions: Does the hospital have enough paper? Enough ink?
"You have to bring together both the business and technology teams for a cohesive effort," Sanders said, "[so] we're in lockstep with how we bring our operation to support our patients."
He also told hospital leaders to familiarize themselves with their "protect surface," or the applications in their enterprise that house protected health information. If you don't know which systems could yield sensitive data if compromised, "that is where I would immediately start as you're prioritizing the next six to nine months," Sanders said.
A video of the full webinar is located at the top of this article.
About the writer
Alexis Kayser is Newsweek's Healthcare Editor based in Chicago. Her focus is reporting on the operations and priorities of U.S. ...