The Critical Importance of Incident Readiness

Thought Leadership  |  10 November 2023

Written by: Katie Wilson and Cheryl Reifsnyder, PhD

Cyber attacks are a major threat to the healthcare industry.

The average cost of a data breach in healthcare has risen to more than $10 million, making data breaches in healthcare the costliest of all industries for the 12th consecutive year. And the cost of a cyberattack extends beyond the more obvious financial repercussions. Catastrophic data loss negatively impacts a practice’s reputation, which can lead to lost referrals, loss of patients, and diminished staff morale — and significantly affect providers’ ability to deliver quality patient care.

As the threat of cyberattacks against healthcare organizations continues to escalate, practice leaders must be especially vigilant about taking the necessary steps to protect patient data.

Cybersecurity, and the importance of incident readiness, is the topic of a recent Cisco Security Stories podcast featuring Jeremy Maxwell, Vice President and Chief Security Officer at Veradigm, hosted by Security Stories’ Hazel Burton.

Cybersecurity challenges in today’s landscape

Maxwell begins by talking about the cybersecurity issues facing today’s healthcare organizations.

“Healthcare security is facing the unique challenge that data must be available all the time, on-demand, with high-fidelity, and also available to no one, all at the same time,” he says. “And if that sounds like a contradiction, it is.”

Maxwell compares the guiding model for information security to the CIA triad of Confidentiality, Integrity, and Availability, highlighting the importance of all three for healthcare information security.

Incident readiness

Maxwell also discusses the value of Veradigm’s partnership with Cisco Talos Incident Response. Veradigm takes our security responsibilities — and incident response — very seriously, and has highly trained in-house staff with incident response backgrounds. However, incident response experts such as Cisco Talos can bring invaluable experience to the table, because for them, incident response is an everyday activity.

Maxwell emphasizes that successful incident response depends on preparation. One of their first acts in partnership with Talos was building an incident response playbook.

“We’ve drilled on the incident response playbook through tabletop exercises,” he explains. “Through that, organizations become very familiar with each other, both how we operate, our preferences, the steps that we’d like to take when an incident goes live.”

A Qakbot spear phishing attack

Maxwell also walked listeners through a recent spear phishing attack, successfully mitigated in partnership with Talos. This cyberattack involved Qakbot malware and an attempted intrusion into one of Veradigm’s development environments.

In the past several years, Qakbot malware infected more than 700,000 victim computers, which were used to commit ransomware attacks, causing hundreds of millions of dollars in damage. Maxwell’s discussion of Veradigm’s response, in partnership with Talos, provides listeners insight into some of the hurdles they faced and some of the benefits of working with a partner with incident response expertise.

Framework for your incident response

How do you create an effective framework for your organization in case of a cyberattack? One of the key takeaways, Maxwell says, is to have a framework in place for when an actual incident arises. The key is identifying which questions are the most important to answer at the end of the day. His team focuses on four primary questions:

  • How did they get in?
  • What did they do while they were in?
  • Are they still in?
  • If they came back, how else would they get in?

“Know what is important for your organization,” Maxwell says, “and be prepared.”
