
How healthcare reduces cybersecurity response time from hours to minutes

In both cybersecurity and patient care, seconds matter, especially in emergencies. Just as doctors and nurses move quickly to save patients' lives, cybersecurity teams must act quickly to contain threats before they get out of control. Speed, precision and preparedness are as important in the security operations center (SOC) as they are in the emergency room.

When systems go down or become inaccessible, treatment can be delayed, with potentially life-threatening consequences. The entire community may be affected as patients are diverted to facilities that may not be nearby or that lack the resources to handle the surge. Then there is the cost of downtime: on average, downtime caused by ransomware attacks costs the U.S. healthcare system nearly $2 million a day.

Accelerating attack rates mean that healthcare institutions must respond faster when attacks occur. There are two key levers for achieving this: planning and precision.

Plan for the worst

When it comes to cybersecurity, it is wise to plan for the worst. The more scenarios you plan for, the better prepared you are to respond. As we often say, the question is not if, but when.

When an attack or other incident does occur, the difference between a response measured in months and one measured in days or minutes is having a mature, tested incident response plan. Without an IR plan, your cybersecurity team will be flying blind, resulting in chaos and inefficiency that can greatly slow your response time.

Key elements of a strong response plan include:

  • Document clear roles and contact information. You should know whom to call and keep their contact information somewhere that remains accessible even when your systems are not. (This includes contact information for your cyber insurance carrier, which should also be notified immediately.) Everyone with cybersecurity responsibilities should know the steps to take in each scenario.
  • Prioritize system shutdown and recovery steps. Develop a plan to isolate system components in a controlled manner to minimize damage while maintaining essential functions. This helps contain the threat and speeds up recovery efforts.
  • Maintain immutable, segmented backups. Because the data is stored in a read-only format, immutable backups are tamper-proof. Segmenting backups, by dividing large volumes of data into smaller, more manageable sets, enables faster recovery.
  • Conduct regular tabletop exercises. A plan on paper is not enough; you have to put it into practice to find gaps and other issues. It is crucial to document lessons learned and turn them into action items.

Just as healthcare professionals train to handle medical crises, cybersecurity teams should train for threats in advance rather than figuring out what to do in the middle of a crisis.

Fine-tuning technology to filter out noise

When security tools flood teams with hundreds of alerts every day, it's easy to miss the one alert that really matters. Many of these alerts are false positives, consuming time and resources that would be better spent stopping real threats.

When detection tools are tuned to identify real problems, alerts become more trustworthy and prompt immediate action. Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms can be configured for improved accuracy, enabling teams to prioritize alerts and investigations and so optimize response time.

Implementing these adjustments can be difficult for internal teams to manage alongside their regular responsibilities. In fact, many healthcare organizations, which may have only one or two people dedicated to cybersecurity, are still working on designing and applying the framework I have outlined here.

One solution is to outsource implementation, management and monitoring to a cybersecurity partner that understands the unique needs and nuances of healthcare environments and is familiar with their specific systems and devices, such as EHR platforms, PACS and Pyxis machines. Such partners can implement and oversee cybersecurity programs without distracting from daily operations or internal projects, allowing threats to be addressed immediately.

Establishing a foundation for rapid response

Whether cybersecurity programs and tasks are outsourced or kept in-house, healthcare organizations should prioritize certain baseline technical capabilities. An asset inventory documents every component of the network infrastructure, so that activities such as vulnerability scanning, which surfaces gaps and weaknesses, have complete visibility.

As for software solutions, endpoint detection and response is critical. Beyond phones and laptops, healthcare environments are filled with connected devices such as infusion pumps, MRI machines, smart hospital beds and PACS systems that can serve as entry points for cyberattacks. SIEM platforms use advanced analytics and AI capabilities to identify abnormal activity and other signs of a threat, allowing teams to quickly detect and resolve incidents.
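Putting the two ideas above together (tuning out known-benign noise, and letting the asset inventory decide which alerts get worked first), here is an added Python illustration that is not from the article or from any SIEM/EDR vendor; the inventory, hostnames, suppression rules, weights and sample alerts are all constructed.

```python
from dataclasses import dataclass

# Constructed asset inventory (hypothetical hosts): host -> (device class, clinical criticality 1..5)
ASSET_INVENTORY = {
    "pacs-srv-01": ("pacs", 5),
    "infusion-117": ("infusion_pump", 5),
    "lt-billing-12": ("laptop", 2),
}
UNKNOWN_CRITICALITY = 3  # assumed weight for hosts missing from the inventory

# Constructed tuning rules: (device class, alert name) pairs known to be benign noise
SUPPRESS = {("laptop", "Scheduled antivirus scan")}

@dataclass(frozen=True)
class Alert:
    ts: str        # timestamp as emitted by the SIEM/EDR
    host: str
    name: str
    severity: int  # 1 (low) .. 5 (critical), as reported by the tool

def score(alert: Alert) -> int:
    """Tool severity weighted by clinical criticality; 0 means tuned out."""
    entry = ASSET_INVENTORY.get(alert.host)
    if entry is None:
        # Not in the inventory: a visibility gap in itself, so never suppress it
        return alert.severity * UNKNOWN_CRITICALITY
    device_class, criticality = entry
    if (device_class, alert.name) in SUPPRESS:
        return 0
    return alert.severity * criticality

def triage(alerts):
    """Split alerts into a prioritized work queue and a suppressed list."""
    queue, suppressed = [], []
    for alert in alerts:
        s = score(alert)
        (queue if s > 0 else suppressed).append((s, alert))
    queue.sort(key=lambda item: item[0], reverse=True)
    return queue, suppressed

# Constructed sample alerts in the shape a SIEM might hand to the SOC
SAMPLE_ALERTS = [
    Alert("2024-05-01T08:00:00Z", "lt-billing-12", "Scheduled antivirus scan", 2),
    Alert("2024-05-01T08:02:00Z", "lt-billing-12", "Credential dumping tool detected", 5),
    Alert("2024-05-01T08:03:00Z", "infusion-117", "Outbound connection to unknown host", 3),
    Alert("2024-05-01T08:04:00Z", "unknown-ws-9", "New local administrator created", 2),
]
```

Running `triage(SAMPLE_ALERTS)` puts the medium-severity alert on the infusion pump ahead of the critical-severity alert on a billing laptop, and keeps the unknown host in the queue because a device that is not in the inventory is itself a finding.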

Needless to say, healthcare organizations must continue to mature their patch management processes to keep up with the ever-changing threat landscape. Regular user education is also essential to train employees to recognize phishing attempts and other credential-harvesting scams, especially since healthcare professionals often work in fast-paced, high-pressure situations where cybersecurity practices are easily forgotten.

Finally, you cannot improve your cybersecurity response time without measuring the effectiveness of your plan. Regular testing and evaluation through tabletop and other exercises helps organizations identify and resolve the issues that cause delays or confusion. This is especially important in a landscape of changing threats and technologies.

Quick response doesn't happen by luck: it's planned

Reducing response time requires more than technology. It requires intelligent, proactive planning for incident response and recovery; fine-tuned technology that optimizes alerts; and strong fundamentals built on asset inventory, vulnerability scanning, endpoint defense and security training. For many organizations, outsourcing cybersecurity to qualified partners can reduce the burden on internal resources.

In an environment where medical systems are increasingly popular targets for cyberattacks, organizations must be able to respond quickly and comprehensively. Preparation and precision not only protect data and money; they help save lives.

Photo: Boonchai Wedmakawand, Getty Images


Preston Duren is Vice President of Threat Services at Strengthening Health Security and brings IT/security expertise to his role as Vice President of Defense Services for Intensified Threats. His experience covers threat and vulnerability management, security engineering, security program development, digital forensics and SOC operations. Previous roles include Information Security Officer at RCCH Health Community Health System.

This article was published through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to learn how.
