You’ve suffered a healthcare data security breach. What do you do now? First, call us for guidance. In most cases, regulations state that a healthcare data breach must be reported within 60 days; but first, follow this checklist.
How to Handle a Healthcare Data Breach
As soon as you discover your healthcare facility’s data has been compromised, your first goal is to stop the data breach and restore operations, followed later by investigation and prevention. Start with these seven critical steps:
- Remove affected devices from the network
- Check audit/logging systems
- Change passwords
- Start an investigation
- Determine the root cause
- Outline next steps
- Communicate your plan
Let’s take a more in-depth look at these critical steps.
7 Steps To Take After a Healthcare Data Breach
1. Freeze Everything
First things first: freeze everything. All affected devices, or those assumed to be, should be immediately taken offline. Do not shut them down or alter them in any way. The goal is to stop communication to and from the impacted systems. If you have a virtual machine and you can initiate a snapshot at this moment, do that immediately.
2. Check Auditing and Logging Systems
An attacker will frequently have disabled the auditing and logging processes to cover their tracks, so make sure you turn these systems back on immediately.
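As an added example (not part of the original checklist), one way to find the window in which logging was off is to scan an audit log for long silences; it goes slightly beyond the step above by also flagging timestamps that run backwards. The log format, host names, 15-minute threshold and sample lines are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: ISO 8601 timestamp, host, message. Not real log data.
SAMPLE_LOG = """\
2024-03-02T01:10:05 ehr-app01 audit: user=svc_backup action=login result=success
2024-03-02T01:12:40 ehr-app01 audit: user=svc_backup action=read table=patients
2024-03-02T01:14:02 ehr-app01 audit: service stopping
2024-03-02T03:47:19 ehr-app01 audit: service started
2024-03-02T03:49:55 ehr-app01 audit: user=jdoe action=login result=success
not-a-timestamp corrupted line
2024-03-02T03:52:10 ehr-app01 audit: user=jdoe action=read table=schedule
"""


def parse_timestamps(text):
    """Return (line_number, datetime) for each line with a parseable timestamp."""
    stamps = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        first_field = line.split(" ", 1)[0]
        try:
            stamps.append((line_no, datetime.fromisoformat(first_field)))
        except ValueError:
            continue  # skip malformed lines rather than abort the review
    return stamps


def find_anomalies(text, max_quiet=timedelta(minutes=15)):
    """Flag silences longer than max_quiet and timestamps that go backwards.

    Returns tuples of (kind, line_number, previous_time, current_time), where
    line_number is the line on which records resume or the clock jumps back.
    """
    findings = []
    stamps = parse_timestamps(text)
    for (_, prev), (line_no, cur) in zip(stamps, stamps[1:]):
        if cur < prev:
            findings.append(("backwards", line_no, prev, cur))
        elif cur - prev > max_quiet:
            findings.append(("gap", line_no, prev, cur))
    return findings


if __name__ == "__main__":
    for kind, line_no, prev, cur in find_anomalies(SAMPLE_LOG):
        print(f"{kind}: line {line_no}, {prev} -> {cur} ({cur - prev})")
```

A silence is a lead for the investigation, not proof of tampering: compare the window against other sources, such as network or authentication logs kept on a different system.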
3. Change Passwords
Change all passwords and lock all credentials. Doing so ensures the breach stops if it is still ongoing.
4. Start Investigating
The next step is to begin investigating the impact. You’ll want to know:
- What happened
- What information was accessed
- Which systems and accounts were compromised
You’ll need this information to determine the scope of the breach and to begin formulating a plan to resolve it.
5. Determine How it Happened
Work to figure out how the breach happened. In the rush to get everyone back online, less due diligence goes into finding the cause of the incident. But restoring operations without finding the cause is a band-aid solution.
In a hospital with 3000 employees, it takes time to find out that a board member left their unencrypted cell phone in a Hong Kong cab. But don’t stop after finding a single unauthorized point of entry, because large companies are often attacked on multiple fronts. Assume that you were breached at more than one point of entry.
6. Determine Your Next Steps
Once you know the source or cause of the incident, it’s time to figure out your corrective actions. Establish whether you need to wipe a stolen device remotely, update software, change network firewall rules, run anti-malware scans, improve logging, or take some other action. Then, enact your action plan immediately.
7. Communicate Your Plan
Depending on the nature of the breach, your legal team, public relations, human resources, and even customer service may need to be trained in a uniform response to inquiries from the public. Additionally, you may need to report the breach under HIPAA, or to the governing body that oversees your industry.
Following these seven steps will help you navigate a healthcare data security breach. If you are affected, contact us to speak to one of our healthcare IT experts and learn how we can help you recover as quickly as possible.