Healthcare cyber group shares business continuity toolkit, on the heels of ransomware alert

A physiotherapist sits at a workstation in an intensive care. A new toolkit was released meant to support operational staff and executive leadership with responding to extended outages brought on by cyberattacks. (Photo by Steve Parsons - Pool/Getty Images)

The Health Sector Coordinating Council’s Cybersecurity Working Group issued another healthcare resource this week: a toolkit meant to support operational staff and executive leadership in responding to extended outages brought on by cyberattacks. HSCC collaborated with cybersecurity and emergency management executives to compile the guide.

Earlier this week, HSCC issued new guidance targeting communication methods for disclosing medical tech vulnerabilities.

The new Operational Continuity-Cyber Incident toolkit provides healthcare entities with a flexible template, which includes suggestions for needed operational structures and tasks that can be tailored to the needs of an organization, based on size, resources, complexity, and capability.

The guide is broken down into role-based modules that align with an incident command system and include specific recommended actions for each role. HSCC noted that “as enterprises organize their cybersecurity and emergency management roles with varying structures, this checklist attempts to generalize as much as possible to scale and align with those variations.” Ideally, leadership would tailor the checklist to fit their organization’s needs and use it as part of their existing operating procedures.

The “response guideline” includes step-by-step actions and considerations to be taken within the first 12 hours of discovering a cyberattack.

The guide includes a breakdown of responsibilities for each role, including incident commander, medical-technical specialist or subject matter expert, public information officer, liaison, safety officer, operations section chief, planning section chief, finance chief, logistics chief, and intelligence leader.

As noted by Mitre earlier this year, these roles should be assigned and the plans well-practiced long before a cyberattack so as to ensure effectiveness and continuity.

“Hospitals have to be prepared for downtime and have to be prepared to go back to paper,” and that means understanding the procedures for critical systems and looping that back with the IT team, Margie Zuk, senior principal cybersecurity engineer for Mitre and the cyber engagement lead for health care in the Mitre Cyber Solutions Technical Center, previously told SC Media.

“That way when an attack affects one of those systems, they can really respond in an organized way,” she added.

After an assessment by the CIO, CISO, and senior leadership, HSCC stressed that incident command may be activated as “a prolonged massive disruption has the potential to meet… patient safety and/or member service impacts [and] large-scale clinical workflow [and] patient care impacts.”

Further, the implementation of preventative defenses could also impact clinical workflow.