Industry Unlocked
departments further afield. Across the Irish Sea, Ireland's Health Service Executive (HSE) has spent tens of millions of euros managing the fallout from a major 2021 ransomware breach. One report claims that, on average, HCOs with revenue of up to US$500 million lose an estimated 30% of operating income if hit by a serious ransomware attack.
Another potentially serious cost is the erosion of patient trust, along with real-world physical risk to patient safety. Studies show a connection between cyberattacks and mortality rates; one even claims a link between data breaches and heart attack fatalities. Ransomware also forces victim organisations to take critical systems offline to stop malicious code spreading, which in itself puts patient safety at risk.
Building a better plan
The best thing healthcare CISOs can do in response is to build resilience now, in the likely event that an attack strikes in the future. A comprehensive cybersecurity audit is a good place to start: it documents internal and external risks, vulnerabilities and threat exposure, checks compliance with industry standards (such as ISO 27001) and best-practice certifications (such as Cyber Essentials Plus), and suggests remediation actions such as staff training and awareness programmes and breach response plans.
Depending on the results of such an audit, the organisation may need to roll out a risk-based patch management programme that ranks findings by severity, exploitability and the criticality of the affected asset, so that critical systems receive security updates within a defined window rather than in scan order. A continuous cycle of vulnerability scanning and penetration testing will also help to establish where the holes in the security posture are. Exploited vulnerabilities accounted for 29% of healthcare ransomware breaches last year, according to one study.
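The following is an added worked example of the risk-based ranking described above; it is not tooling from the article or from any vendor. The asset inventory, finding labels (deliberately not CVE identifiers), scoring weights, tier thresholds and SLA windows are all constructed assumptions chosen to show the mechanics, and a real programme would feed in its own CMDB criticality ratings and a known-exploited catalogue.

```python
"""Risk-based patch prioritisation over a small, constructed asset inventory.

Added example for this article, not the magazine's or any vendor's tooling.
The weights, tier thresholds and SLA windows are illustrative assumptions;
the asset names and finding IDs are constructed and are not real CVEs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int        # assumed 1..5 scale; 5 = patient-safety critical
    internet_exposed: bool  # reachable from outside the HCO network


@dataclass(frozen=True)
class Finding:
    fid: str                # constructed label, not a CVE identifier
    asset: str
    cvss: float             # CVSS base score, 0.0..10.0
    known_exploited: bool   # e.g. listed in a known-exploited catalogue
    patch_available: bool


# Constructed inventory: a web-facing patient portal, the EHR database,
# an imaging (PACS) server and an administrative workstation.
ASSETS = {
    "patient-portal-web": Asset("patient-portal-web", 4, True),
    "ehr-db-01": Asset("ehr-db-01", 5, False),
    "imaging-pacs-02": Asset("imaging-pacs-02", 5, False),
    "admin-ws-17": Asset("admin-ws-17", 2, False),
}

# Constructed scan findings.
FINDINGS = [
    Finding("F-001", "patient-portal-web", 9.8, True, True),
    Finding("F-002", "ehr-db-01", 7.5, False, True),
    Finding("F-003", "admin-ws-17", 9.8, True, True),
    Finding("F-004", "imaging-pacs-02", 5.3, False, False),
]

# Assumed remediation windows (days) per tier.
SLA_DAYS = {"P1": 3, "P2": 14, "P3": 30, "P4": 90}


def risk_score(finding: Finding, asset: Asset) -> float:
    """Severity weighted by what the asset does and how reachable it is."""
    score = finding.cvss * asset.criticality      # 0..50
    if finding.known_exploited:
        score *= 2.0                              # active exploitation doubles urgency
    if asset.internet_exposed:
        score *= 1.5                              # no network boundary to hide behind
    return round(score, 1)


def tier(score: float) -> str:
    """Map a score onto an SLA tier (thresholds are assumed)."""
    if score >= 75:
        return "P1"
    if score >= 35:
        return "P2"
    if score >= 15:
        return "P3"
    return "P4"


def prioritise(findings, assets):
    """Return a patch plan ordered by descending risk.

    Findings with no vendor patch stay in the plan but are flagged for
    mitigation (isolation, virtual patching) rather than silently dropped.
    """
    plan = []
    for f in findings:
        a = assets[f.asset]
        s = risk_score(f, a)
        t = tier(s)
        plan.append({
            "id": f.fid,
            "asset": a.name,
            "score": s,
            "tier": t,
            "sla_days": SLA_DAYS[t],
            "action": "patch" if f.patch_available else "mitigate",
        })
    plan.sort(key=lambda row: row["score"], reverse=True)
    return plan


if __name__ == "__main__":
    for row in prioritise(FINDINGS, ASSETS):
        print(f'{row["tier"]} {row["id"]:6} {row["asset"]:20} '
              f'score={row["score"]:6.1f} {row["action"]} within {row["sla_days"]}d')
```

The point of the weighting is visible in the output: the same critical-severity, actively exploited flaw lands in P1 on the internet-facing portal but only in P2 on an internal workstation, and the unpatched PACS finding is not lost from the plan just because the vendor has shipped nothing yet.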
While all of this can reduce the chances of a serious breach, CISOs must also acknowledge that such events are inevitable, especially when the attack surface is so broad and stolen credentials are so plentiful. This is where detection and response comes in. Ensure the organisation has effective, continuous logging and monitoring of events, at least at the network level, so that the lateral movement and staging that precede ransomware deployment are visible. This can accelerate incident response and contain threats before they have the chance to make a serious impact.
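As an added example of what network-level monitoring can surface (not code from the article or from any product), the script below runs a simple fan-out detection over constructed connection records laid out like a cut-down Zeek conn.log. The window, threshold and admin-port list are assumed tuning values, and the sample hosts and timestamps are invented to show one benign file-server user, one host touching many internal machines on SMB, RDP and WinRM within seconds, and one host that reaches the same number of machines but spread over 40 minutes.

```python
"""Detect SMB/RDP/WinRM fan-out from one internal host over network-level logs.

Added example, not from the article. The log lines are constructed and laid
out like a cut-down Zeek conn.log (ts, id.orig_h, id.resp_h, id.resp_p, proto);
the window and threshold are assumed tuning values, not vendor defaults.
"""
from collections import defaultdict

# Constructed sample: one host talking to its usual file server, one host
# touching many internal hosts on admin ports within seconds (the pattern of
# an operator moving laterally before deploying ransomware), and one host that
# reaches the same number of hosts but spread over 40 minutes.
SAMPLE_LOG = """\
1700000000.000\t10.10.5.23\t10.10.5.40\t445\ttcp
1700000030.000\t10.10.5.23\t10.10.5.40\t445\ttcp
1700000100.000\t10.10.5.23\t203.0.113.10\t443\ttcp
1700000120.000\t10.10.7.9\t10.10.5.41\t445\ttcp
1700000125.000\t10.10.7.9\t10.10.5.42\t445\ttcp
1700000128.000\t10.10.7.9\t10.10.5.43\t3389\ttcp
1700000131.000\t10.10.7.9\t10.10.5.44\t445\ttcp
1700000135.000\t10.10.7.9\t10.10.5.45\t445\ttcp
1700000140.000\t10.10.7.9\t10.10.5.45\t445\ttcp
1700000142.000\t10.10.7.9\t10.10.5.46\t5985\ttcp
1700000300.000\t10.10.9.5\t10.10.5.40\t445\ttcp
1700000900.000\t10.10.9.5\t10.10.5.41\t445\ttcp
1700001500.000\t10.10.9.5\t10.10.5.42\t445\ttcp
1700002100.000\t10.10.9.5\t10.10.5.43\t445\ttcp
1700002700.000\t10.10.9.5\t10.10.5.44\t445\ttcp
"""

LATERAL_PORTS = {445: "smb", 3389: "rdp", 5985: "winrm"}
WINDOW_SECONDS = 60.0     # assumed
FANOUT_THRESHOLD = 5      # assumed: distinct internal targets within the window


def parse_conn_log(text):
    """Yield (ts, src, dst, dport) tuples; skips comments and malformed rows."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) < 4:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def detect_fanout(records, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Alert once per source host whose distinct admin-port targets within any
    `window` seconds reach `threshold`. Repeat connections to the same target
    do not inflate the count."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in records:
        if dport in LATERAL_PORTS:
            per_src[src].append((ts, dst, dport))

    alerts = []
    for src, events in per_src.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] <= start + window]
            targets = {dst for _, dst, _ in in_window}
            if len(targets) >= threshold:
                alerts.append({
                    "src": src,
                    "start_ts": start,
                    "distinct_targets": len(targets),
                    "services": sorted({LATERAL_PORTS[p] for _, _, p in in_window}),
                })
                break   # one alert per host; the responder wants the first window
    return alerts


if __name__ == "__main__":
    for a in detect_fanout(parse_conn_log(SAMPLE_LOG)):
        print(f'{a["src"]} reached {a["distinct_targets"]} hosts over '
              f'{"/".join(a["services"])} starting at {a["start_ts"]:.0f}')
```

The slow host is the reason the window matters: widen it to an hour and the same logic flags the 40-minute sweep too, at the cost of catching scheduled backup or inventory jobs, which is the tuning trade-off a SOC makes against its own baseline.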
That visibility also gives the HCO a stronger bargaining position if negotiation with the threat actors becomes necessary. Being able to answer critical questions, such as which systems and data were affected and how the attackers got in, together with maintaining recent, tested backups, will streamline incident response. It will also reduce the chances of a miscalculation in breach disclosure that could damage reputation unnecessarily.
Data was encrypted in 75% of healthcare ransomware attacks over the past year. It's time to keep calm, work through security best practice and build resilience. You never know when the next attack is around the corner.
46 WWW.INTELLIGENTCISO.COM