Prevention is always better than cure – as true in medicine as it is in the world of cyber. But like in the complex world of healthcare, vaccinations only work some of the time and then you have to figure out how to cure the infection.
One way that cyber and medicine do generally differ, however, is that if you do nothing to treat the infection in cyber, it will not go away by itself. So if your network is breached it will stay that way until you deal with it. And the longer you leave it, the more damage that potentially can be done.
Am I really at risk?
Every healthcare clinic and hospital around the globe remains at risk of being attacked by cybercriminals. And remember:
Small does not mean safe!
Criminals do target specific organisations but many attacks are carried out by bots that randomly attack million of companies continually all over the world until they succeed. And that organisation could just as likely be you, or a dentist in Peterborough or a GP surgery in Colchester.
By and large, the tantalizing target on healthcare’s back has been attributable to outdated IT systems, fewer cybersecurity protocols and IT staff, valuable data, and the pressing need for medical practices and hospitals to pay ransoms quickly to regain data.
And 2021 stats from a US Cyber company (Herjavec Group) make for stark reading
Healthcare provider attacks have more than quadrupled since 2017
Attacks don’t just steal or encrypt data – they are now targeting internet enabled medical devices (MRI scanners) and interfering with their productivity
It is highly likely that cyber-attacks have resulted in deaths and serious injury of patients
93% of healthcare organisations had suffered a cyber enabled data breach over the past 3 years. Almost 2/3 had had 5 or more.
Most healthcare providers felt ill-equipped to deal with the threat of cyber attacks against their organisation
What is incident response?
It will often start with a member of staff asking ‘Why can’t I open my files?’ But remember that many cyber attacks are carried out by stealth and they will not always want to be found. So the first consideration is ‘Do we have a process to proactively look for cyber-attacks even when everything appears to be operating normally?’ As a member of the ECRC you will receive free updates about vulnerabilities that have been flagged by other organisations specifically to help the wider community. Including you.
For many companies today, the first time they realise they need an Incident Response Plan coincides with the time that they realise they don’t actually have one.
Incident response is simply a document containing the details you need if you are worried that you have been victim of a cyber-attack and some key information to help you move through the various stages of containment and then recovery. Having a good response plan means that you are more likely to come through the experience more quickly and efficiently and with less of your systems exposed to the hack. And the responsibility for establishing and maintaining a plan is down to the business owner and not the managed service provider you use for your IT.
If you find that you have been breached, you may never find out exactly how – what is important is that at that point the criminals still have access to your network. The wrong decisions now could have a devastating effect on your business and you could face additional, financial, and reputational loss if you don’t make the right decisions next.
As can be seen in the below diagram you will generally start in the triage stage of the breach, trying to figure out what the scale of the breach is and the impact now and in the future.
What can I do now?
To save you the time of having to start one from scratch – go to our tools and download an incident response plan for free. All you have to do is read it and fill in the key bits of information and you have a document that you can rely on if the worst actually happens.
Practice Practice Practice. Once you’ve got an incident response plan prepared the next stage to establish your readiness is to try it out in a safe environment.
The National Cyber Security Centre’s Exercise in a Box is an excellent starting point. This exercise will help you to check out how well you and your business can respond to a cyber-attack. If you do not want to run this exercise yourself, we can lead this for you so you can get the most out of the exercise. Find out more here.
Increasingly cyber experts are accepting that blocking all cyber-attacks is not an achievable outcome and that it makes sense to be prepared for when the breach occurs. Being well prepared for a breach is a key step in making yourself resilient in the online world. So, download our template and try it out to see how well your company does. And if you need more guidance or support, contact the centre and we see how we can help.
Further guidance & support
Speak to us today and find out the guidance and support we can offer to your business. You can email us, send us a message or book a chat. Our website also contains numerous guidance and tools that can be accessed free for charge.
Sign up to our free membership and you will get a monthly newsletter with details about what is happening in the East of England, a weekly email breaking down cyber concepts into easy to understand and implement steps as well as a 1:1 conversation with a member of our team. There is no hidden cost, our core membership is free so why not join us today.
You may have access to some sort of IT support within your business and we recommend that you speak to them now to discuss how they can implement cyber resilience measures on your behalf. And find out if a response plan is currently held for your business and whether it is still in date!
Finally, don’t rely on insurance to protect you from all of the worlds cyber threats. However, it would be prudent to check what, if any insurance you have and what it actually covers. It could prove invaluable to help you quickly navigate through those early hours of an incident and should form part of the organisation response to an incident of this type. If you obtain Cyber Essentials then you get cyber insurance included as part of your accreditation. Find out more about cyber essentials here.
All the police forces across the Eastern region have dedicated specialist cybercrime teams who are highly trained and experienced in investigating cybercrime and at putting the victim’s needs at the forefront of the investigation.
It is really important if you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), that you call your local police at any time on 101 or report the attack to Action Fraud on 0300 123 2040 immediately.