How Business Continuity Can Mitigate Healthcare Cyberattacks
Almost 50 million patient records were affected by a major healthcare data breach in 2021.
In one of the latest, Tenet Healthcare reported an April cyberattack they estimate would cost $100 million to mitigate. Tenet Healthcare is a large healthcare organization headquartered in Dallas, Texas, with 60 hospitals, 465 ambulatory surgery centers, and 110 other outpatient centers.
Tenet Healthcare was the victim of a cyberattack that caused significant IT outages. Tenet "immediately suspended user access to affected information technology applications, implemented extensive cybersecurity protection protocols, and swiftly took steps to restrict further unauthorized activity," according to a notice dated April 26.
Threats in Healthcare Cyberattacks
Recently, the healthcare industry has been under attack by cybercriminals. Forty-five million individuals were impacted by healthcare-related cyberattacks in 2021, up from 34 million in 2020. According to one report, which examines breach data reported to the US Department of Health and Human Services (HHS) by healthcare organizations, this number has tripled in just three years, rising from 14 million in 2018 to 42 million in 2019.
The total number of individuals affected has increased by 32% since 2020, indicating that more records are compromised annually.
The healthcare sector is a target for hackers because of the widespread use of electronic medical records and other sensitive data that can be used for financial gain or to perpetrate identity theft.
The following are some areas that these attacks have impacted:
- Patient privacy: Health information is highly personal and confidential. Hackers can use this data to steal identities, blackmail individuals, and/or extort them using private information such as social security numbers. They may also sell your health information on dark web marketplaces to bad actors who want to commit fraud or extortion against you or your family.
- Medical records: This includes patient files like lab reports; X-rays; physician notes; prescription information etc., stored in both hard copy format as well as digital form. These documents contain sensitive information about a person's medical history, including their disease status, treatment regime details, etc., which could lead to identity theft if an unauthorized party with malicious intent is accessed.
How Are Cyberattacks Affecting the Healthcare Industry?
Cyberattacks on healthcare organizations can result in a loss of life and cause a loss of money, reputation, and data.
In the most recent cyberattack on healthcare facilities, hackers gained access to patient medical records at hospitals across the US and Canada. In some cases, they could potentially steal credit card information from patients who used their cards at those facilities. This fraud is just one example of how cyberattacks can negatively impact your business continuity strategy.
How Business Continuity Planning and Disaster Recovery Can Help Mitigate the Effects of Cyberattacks
Cyberattacks are evolving and becoming more sophisticated. To ensure your critical systems are protected, you must establish a business continuity management plan (BCMP).
Business continuity planning is developing systems of prevention and recovery to protect an organization from potential threats. It's the framework for establishing organizational resilience and preparedness; business continuity planning aims to ensure continued operations before, during, and after an incident.
- Identify and prioritize business processes to define the plan(s) you require; conduct a risk assessment to identify and quantify threats.
- Define your business continuity strategy and develop a plan.
- Maintain the program - update risk assessments, business impact analyses, and plans; ensure awareness and validate plans with regular exercises.
Business Continuity Plans Help Keep You Running in the Event of a Cyberattack
Business continuity plans (BCP) are an essential step toward ensuring your organization's ability to recover from a cyberattack. A BCP defines how a company will maintain operations during an interruption. A robust BCP aims to keep a company's core processes operational during a disaster and minimize downtime. A business continuity plan may consider various scenarios, including natural disasters, wildfires, cyberattacks, workplace violence, and isolated incidents.
Three Strategies To Mitigate Healthcare Cyberattacks
Three key strategies can help keep you running in the event of a cyberattack:
Business continuity plans and business continuity management (and software)
Business continuity plans are essential to ensure your organization's ability to recover from a cyberattack. You should have an emergency response plan with clear roles, responsibilities, and processes for different situations.
Emergency notification systems are indispensable when responding to a disaster and restoring operations after a disruption. Part of these plans should include alerting employees about security incidents so they know how best to proceed until IT personnel can get things back up and running.
For instance, the repercussions could be severe if a cyberattack occurred in an office where employees lacked the necessary training and did not immediately report the incident. It would be impossible to maintain business continuity, and the organization could suffer significant property, asset, and resource loss.
Disaster recovery as a service (DRaaS)
If your company relies heavily on technology, purchasing additional backup data storage services from external providers might be wise in case something goes wrong at your office location(s).
Business Continuity Plans Are Critical for Hospitals
With the rise of ransomware and other cyberattacks, it's more important than ever for hospitals to have a business continuity plan in place. BCPs help an organization continue operations after a disaster or other disruptive event. However, according to research commissioned by IBM and Ponemon Institute, only 43% of healthcare organizations surveyed had documented business continuity plans, putting them at risk of experiencing significant downtime.
When you think about your own healthcare experience as a patient, you probably want:
- A hospital that is free from infection
- A hospital with competent employees who know how to care for you
- A hospital that will be able to ensure your privacy
A business continuity plan helps ensure these things are possible during an emergency like a cyberattack.
The healthcare industry is being hit hard by cyberattacks, but there are ways to protect your organization. Business continuity planning is one way to keep your organization safe from these threats. By monitoring and mitigating risks at all stages of the process, you can ensure that patients always receive the best care possible. Agility is ready to help.