March 15, 2022

Healthcare Security's Top Priority

Danika E. Brinda, PhD, RHIA, CHPS, HCISPP, CEO/President, TriPoint Healthcare Solutions

As hackers continue to heavily target the healthcare industry, it’s imperative for organizations to have a security incident response plan in place to identify and respond to cybersecurity incidents. Learn the key elements needed to create your organization’s plan so you’re prepared when breaches happen.

Imagine this scenario for a moment. At the beginning of the workday, your workforce logs into workstations as usual. A security incident occurs, and all computers are locked with a ransom screen indicating your network has been compromised. You have a full list of patients that need to be seen. What do you do?

The threat 

Situations like this are all too common as cybercriminals launch ongoing attacks on healthcare, taking advantage of increased remote work and continued disruption from the pandemic. In 2021, 678 newly disclosed and unique hacking incidents were reported, according to the Protenus’ 2022 Breach Barometer Report. These incidents, which included ransomware, malware, email, phishing, and other attacks by external actors accounted for around 75% of total healthcare breaches for the year.

A proactive response

In order to be confident in your response and act quickly to stem the damage from cybersecurity attacks before it spreads throughout your organization, you need to be proactive. To that end, HIPAA requires a detailed incident response plan, and organizations must have written policies and procedures to address security incidents. The plan description is intentionally vague because each plan will look different based on the size of the organization, whether they host data onsite or via SaaS, and other factors.

Under HIPAA, a security incident is “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.” HIPAA’s implementation specification for response and reporting defines these actions:

  • Identify and respond to suspected or known security incidents.
  • Mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate.
  • Document security incidents and their outcomes.

In order to comply with those response and reporting requirements, you need an incident response plan.

Key elements of a security incident response plan 

To formulate your organization’s own plan, consider these elements:

  • Identification of what specific event would be considered a security incident. Define security incidents specific to your organization and a categorization system for the security threats.
  • Determination of workforce members’ roles and responsibilities. Depending on the type and severity of the security incident, you may need to pull in outside help.
  • Definition of executive leadership and management involvement. When and how will you communicate incidents?
  • Security incident response process training for every member of your workforce. Your end users are often the first ones to find breaches — what’s the chain of notification? Do a dry run to determine any gaps.
  • Coordination with business associates. Identify steps to be taken in response to security incidents. Define who will be notified of the incidents and when.
  • Identification of process and timing to review and update your incident response plan. Your plan is not static, it will need to be updated at least on an annual basis. Determine who will take the responsibility and when they’ll complete the process.

If you’d like to see an example to formulate or compare your plan, this template is a good resource.

Having a security incident response plan is just as important as your organization’s cybersecurity tools and system backups to recover data. It really is a team effort involving the entire workforce.

insider incidents account for more than 1 in 10 breaches

This blog post was adapted from a Protenus PANDAS (people and analytics) presentation. To learn more about joining the premier community of your healthcare compliance peers and experts from Protenus who are moving healthcare forward, contact .