<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=196353&amp;fmt=gif">
Request a Demo

SIS shares actionable steps healthcare organizations can take to better protect themselves from cyberattacks

The healthcare sector recently witnessed a significant cybersecurity incident with the cyberattack on Change Healthcare, a crucial component of UnitedHealth Group's Optum division. This attack, orchestrated by the ransomware group AlphV, also known as BlackCat, not only highlighted the vulnerabilities within the healthcare industry to cyber threats but also had widespread repercussions. The incident impacted healthcare operations that depend on CHC systems, including billing processes, eligibility verifications, prior authorization requests, and the fulfillment of prescriptions, significantly disrupting essential services across the healthcare ecosystem1. These disruptions emphasized the vulnerabilities and interconnectedness of the healthcare ecosystem, leading to operational headaches for providers and underscoring the critical need for healthcare organizations to enhance their cybersecurity defenses.

The far-reaching effects of the cyberattack against Change Healthcare have prompted an urgent call to action for improved cybersecurity resilience within the healthcare sector. Providers experienced significant operational disruptions, including delayed revenue management services and prescription-filling processes, highlighting the importance of preparing for future cyber threats.

This comprehensive guide aims to synthesize insights from the incident and provide actionable steps for healthcare businesses to bolster their cybersecurity measures, helping ensure they are better equipped to protect against and respond to the evolving landscape of cyber threats.

Actionable Steps for Strengthening Cybersecurity

Conducting Comprehensive Risk Assessments

Think of a risk assessment as a health check-up for your organization's cybersecurity. Just as a doctor examines a patient to find vulnerabilities to diseases, a risk assessment identifies where your organization's cybersecurity could be compromised.

Starting Point: Begin with a thorough inventory of your digital assets, software, hardware, and third-party services. Identify what data you have, where it's stored, and who has access to it.

Steps to Success:

  • Identify Critical Assets: Prioritize assets based on their importance to your operations and the potential impact of their compromise.
  • Assess Vulnerabilities: Use tools like vulnerability scanners to identify weaknesses in your systems and applications.
  • Evaluate Threats: Consider both external threats (e.g., cybercriminals) and internal threats (e.g., disgruntled employees).
  • Determine Risk: Assess the likelihood of each threat exploiting a vulnerability and the potential impact to prioritize risk management efforts.
Enhancing Cybersecurity Frameworks

Adopting a cybersecurity framework is akin to a comprehensive care plan for a patient with a chronic condition. Just as a care plan would include preventive measures (Identify), protective treatments (Protect), regular health monitoring (Detect), emergency interventions if the condition worsens (Respond), and rehabilitation or adjustment of treatments based on outcomes (Recover), a cybersecurity framework ensures the ongoing health and resilience of your organization's digital environment. Each step in the framework functions similarly to stages in patient care, aiming to maintain the system's health, prevent breaches, quickly address any issues that arise, and restore full functionality after any security incidents, thus keeping the organization's data and systems in optimal condition.

Framework Choice: Adopt the NIST Cybersecurity Framework for a structured approach to managing cyber risks.

Steps to Success:

  • Customize the Framework: Tailor it to your organization's specific needs, focusing on areas most relevant to your operations.
  • Implement Core Functions:
    • Identify: Continuously inventory and categorize assets.
    • Protect: Implement safeguards (e.g., firewalls, encryption) to protect assets.
    • Detect: Use systems (e.g., intrusion detection systems) to identify cybersecurity events quickly.
    • Respond: Have a defined process for addressing detected cybersecurity incidents.
    • Recover: Develop plans to restore any capabilities or services impaired by a cybersecurity incident.
Developing and Testing Incident Response Plans

An Incident Response Plan is A structured methodology for handling security incidents, breaches, and cyber threats, ensuring a quick, effective, and orderly response.

Consider an incident response plan as a fire drill for cyber threats. Just as schools and offices conduct fire drills to ensure everyone knows how to exit safely in an emergency, testing your incident response plan ensures your team knows how to act swiftly to mitigate damage from a cyberattack.

Steps to Success:

  • Identify Critical Operations: Begin by identifying and prioritizing services critical to patient care and operations, similar to how Change Healthcare's services are integral to many healthcare providers.
  • Create an Incident Response Team: Designate team roles and responsibilities.
  • Define Incident Types: Identify what constitutes an incident for your organization.
  • Develop Specific Response Strategies: Create targeted response strategies for different types of cyber incidents, focusing on minimizing disruption to critical services. Outline specific steps for containment, eradication, and recovery for each incident type.
  • Regular Testing and Updates: Continuously test and refine your incident response plans based on new cyber threats and lessons learned from incidents like the Change Healthcare attack.
Building Redundancy and Contingency Plans

Redundancy and contingency planning in cybersecurity can be compared to keeping a spare tire in your car. Just as you prepare for a flat tire by having a spare, you prepare your organization to continue operations smoothly with backup systems and manual processes in case of a cyberattack.

Strategy Formation: Develop manual processes for critical operations and consider diversifying vendors to reduce reliance on single entities.

Implementation Steps:

  • Implement Manual Workarounds: Develop and document manual processes for essential operations, such as billing and claims processing, to ensure continuity when digital systems are compromised.
  • Diversify Service Providers: Consider diversifying vendors and service providers to avoid reliance on a single entity for critical services, mitigating the impact of a targeted attack on any single provider.
Leveraging Cyber Intelligence and Collaboration

Sharing cyber intelligence is like neighborhood watch programs where communities share information about suspicious activities. By joining forums and information sharing analysis centers (ISACs), you're participating in a collective effort to spot and defend against threats before they can harm your organization.

Collaborative Defense:

  • Participate in Industry Sharing Initiatives: Engage in ISACs relevant to healthcare to stay informed about emerging cyber threats and best practices for defense.
  • Adopt Recommendations from Cybersecurity Agencies: Implement cybersecurity recommendations and best practices issued by agencies like the HHS, FBI, and CISA, tailored to counteract the tactics and strategies of threat actors like AlphV.
Investing in Cybersecurity Awareness and Training

Investing in cybersecurity awareness and training for staff is akin to administering vaccines in public health. Just as vaccines prepare the immune system to recognize and combat viruses and bacteria, thereby preventing infections, cybersecurity training equips employees with the knowledge and skills to identify and defend against cyber threats. This preventive measure, like vaccination, is essential to build a resilient defense against potential attacks, ensuring the organization's digital environment remains healthy and secure.

Continuous Education:

  • Simulate Real-World Scenarios: Incorporate scenarios inspired by the Change Healthcare incident into cybersecurity training programs to highlight real-world implications of cyberattacks and the importance of maintaining vigilance.
  • Regular Updates on Cyber Threats: Keep staff informed about the latest cyber threats and techniques used by groups like AlphV, emphasizing the importance of security practices such as strong passwords and recognizing phishing attempts.
Exploring Cybersecurity Insurance

Cybersecurity insurance acts like a safety net, much like car insurance. In the event of a cyberattack causing financial loss, having cybersecurity insurance helps cover the costs, ensuring your organization can recover more quickly.

However, in today's cybersecurity landscape, the prevalence and sophistication of cyber threats have led to increased cybersecurity insurance premiums and stricter policy requirements. The aftermath of significant cyberattacks, such as the one on Change Healthcare, has underscored the essential role of cybersecurity insurance in an organization's preparedness and resilience plan.

Insurance providers now demand evidence of comprehensive cybersecurity measures, including adherence to best practices in hygiene, incident response plans, and employee training, as prerequisites for coverage. This shift emphasizes cybersecurity insurance as a critical component of an organization's defense strategy, offering a financial safety net that enables recovery and continuity of services post-incident.

Investing in solid cybersecurity practices and securing suitable insurance coverage equip organizations to face emerging cyber threats with greater assurance and resilience.

Risk Mitigation

  • Review Cybersecurity Insurance Coverage: Ensure that your cybersecurity insurance policy covers the types of disruptions and financial impacts experienced by providers during the Change Healthcare outage.
  • Plan for Emergency Funding: Develop a strategy for accessing emergency funds or lines of credit to cover operational costs and mitigate financial strain during extended service disruptions.
Improving Vendor Management and Security Assessments

Good vendor risk management is critical, akin to conducting thorough background checks and continuous performance evaluations in a medical staff hiring process. Just as a hospital must vet each doctor, nurse, and technician to ensure they have the necessary qualifications, experience, and ethical standards to provide safe and effective care to patients, organizations must rigorously assess and monitor their vendors to ensure they meet stringent cybersecurity standards.

Failure to do so can lead to introducing vulnerabilities into the organization's system, much like an unqualified medical professional can put patient health and the hospital's reputation at risk. This meticulous selection and ongoing evaluation process is essential to maintaining the security and integrity of an organization's data and systems, reflecting the critical nature of good vendor risk management in protecting against potential cyber threats.

Steps to Success

  • Conduct Thorough Security Evaluations: Before engaging with vendors, conduct thorough assessments of their cybersecurity measures, particularly those providing critical services like billing and data analytics.
  • Evaluating Vendor Certifications: Be mindful, not all certifications are created equal. HITRUST has several versions from foundational basic cybersecurity controls in their e1 certification to the more sophisticated and appropriate controls in their i1 and r2 certifications. Assess vendor security through third-party certifications like SOC2 and HITRUST, which signal adherence to high cybersecurity standards. Ensure the certifications’ scope fully covers the services provided, verifying comprehensive security practices relevant to your organization’s needs. This crucial step in vendor risk management helps secure operations and patient data by confirming vendors meet specific security challenges.
  • Set Clear Expectations: Include security requirements and responsibilities in contracts.
  • Monitor and Review: Regularly review vendors' security posture and compliance to ensure ongoing adherence to your standards.
  • Establish Clear Communication Channels: Ensure that there are established lines of communication with vendors for timely updates and support during and after cyber incidents.
Wrapping up

The cyberattack on Change Healthcare is a wake-up call for the healthcare sector, demonstrating the critical need for enhanced cybersecurity measures. By adopting a comprehensive and proactive approach to cybersecurity, healthcare businesses can strengthen their defenses against future cyber threats. This involves not only implementing robust cybersecurity frameworks and incident response plans but also fostering a culture of cybersecurity awareness, engaging in collaborative intelligence sharing, and ensuring that contingency plans are in place for dealing with disruptions. Through these steps, healthcare organizations can safeguard their operations, protect patient data, and contribute to the resilience of the broader healthcare ecosystem against the evolving landscape of cyber threats.

[1] UnitedHealth Group, Information on the Change Healthcare Cyber Response