Healthcare organizations should consider how they plan for natural disasters such as hurricanes as they prepare for disruptive cybersecurity events such as ransomware attacks, says Paige Peterson Sconzo, director of healthcare services at security firm Redacted Inc.
“The best way to think about this is readiness planning, not disaster or cyber planning,” she says. “All organizations have in-depth readiness planning regarding natural disasters like tornados or floods. And that same approach should be used for cyberattacks that can take a facility offline and impact patient care,” she says in an interview with Information Security Media Group.
If an organization needs to take systems offline following a ransomware attack and must resort to paper and manual processes, there are many considerations to plan for, she says.
“Do you have enough reams of paper to print out orders? Who keeps the paper forms up to date for each specialty? What about the billing forms? Do you have runners to take your orders for prescriptions from the floor to the pharmacy? What about your mag doors and access through badges? All of this is affected if you go offline,” she says.
“Think about your readiness planning as a natural disaster” and consider “how you are going to keep your organization running. It helps to think of this in a holistic manner,” she says.
In the interview, Peterson Sconzo also discusses:
- Mistakes to avoid in cyber incident response;
- The most concerning recent cybersecurity trends in healthcare;
- Cybersecurity threats facing healthcare sector entities in the months ahead.
Peterson Sconzo has more than 15 years of direct patient care experience within the academic, private practice and government services sectors related to cybersecurity.