Best Practices: Preparing for the Inevitable Healthcare Cyberattack  

Healthcare organizations must be prepared for data security risks and operational disruptions from cyberattacks. Implementing best practices enhances cyber resilience, ensuring an efficient response and recovery when these incidents occur.

“Resilience in healthcare is crucial,” says David Houlding, Microsoft’s Director of Global Healthcare Security and Compliance Strategy. “Without it, timely and reliable access to data is compromised, which can critically impact patient care. Access to data at the point of care is essential, and any disruption can significantly hinder healthcare delivery, degrading the quality of patient care, or in the worst cases, jeopardizing patient safety.”

To strengthen resilience and maintain uninterrupted access to critical data, healthcare organizations should implement the following best practices.

1) Conduct a Thorough Risk Assessment

A comprehensive risk assessment helps healthcare organizations identify and address security gaps before they can be exploited by cyber threats.

The HIPAA Security Rule mandates covered entities to conduct a risk assessment and implement appropriate measures to address key areas and protect electronic protected health information. Risk analysis should be an ongoing process where covered entities and business associates continuously evaluate risks and security measures. Effective assessments identify and prioritize risks and help organizations focus limited time and resources on the highest priority risks. For each risk identified, they can then identify associated vulnerabilities, including unsecured networks, unpatched systems, and many others across the IT spectrum.

“Measuring security posture through risk assessments is vital for identifying gaps and mitigating risks,” notes Houlding. “Trusted compliance frameworks also help direct limited resources to where they can best improve security and lower risk.”

During a risk assessment, security practitioners identify risks to confidentiality, integrity, and availability of sensitive healthcare data and then prioritize risks according to impact and likelihood of occurrence. While a risk assessment won’t eliminate cyberattacks, it helps to guide limited resources to top-priority risks where they can do the most good in terms of improving security posture. This makes attacks harder for threat actors and gives the security team better visibility, improving monitoring, detection, response and recovery efforts.

2) Implement Strong Cybersecurity Policies and Procedures

After identifying security gaps through a risk assessment, healthcare organizations should implement strong cybersecurity controls and tighten procedures to reduce the occurrence and impact of cyberattacks. For example, segmenting critical systems from the network can help prevent threat actors from lateral movement inside the healthcare organization and accessing essential systems, minimizing risk of patient care disruptions.

As a preventive measure, security practitioners should address known vulnerabilities and secure medical devices prone to exploitation. Common vulnerabilities and insecure configurations in healthcare include web application vulnerabilities and unsupported software, data from the Cybersecurity and Infrastructure Security Agency shows.

Ensuring that all systems are protected by multifactor authentication (MFA) is another way to reduce the occurrence and impact of cyberattacks. Data from the HHS 405(d) Program showed that while over 90% of hospitals use MFA, its inconsistent application creates gaps. Implementing MFA across all systems strengthens network security and hinders threat actors.

Data backups and strong encryption are also critical for saving time and money during a breach. Proven best practices, including network segmentation, MFA, and vulnerability management, can help organizations mitigate risks and prepare for attacks.

3) Develop Response and Recovery Plans

The first step is recognizing that a cyberattack or data breach is likely. From there, security experts can plan response and recovery efforts in preparation for an incident. HIPAA requires that covered entities develop an incident response plan, along with a data backup, cyber recovery, and emergency mode operation plan to maintain compliance.

When a cyber incident occurs, healthcare organizations must be prepared to engage with stakeholders, legal counsel, law enforcement and patients. Conducting tabletop exercises with key stakeholders before a cyber incident can help organizations respond more efficiently and effectively amid an actual cyber event.

Incident response plans should include communication strategies, alternative ways to access patient records during EHR system downtime, and procedures to ensure the availability of critical healthcare data. After containing a threat, the focus shifts to executing a recovery plan that restores data and systems as quickly as possible.

“Cloud providers offer superior security compared to individual hospitals, enabling healthcare organizations to implement more effective response and recovery plans while securely shifting infrastructure and focusing on innovation and efficiency,” observes Jaimie Fox, Senior Technology Strategist at Microsoft.

While a cyberattack may be inevitable, conducting risk assessments, employing security best practices, and practicing incident response and recovery are domains that healthcare organizations can control.

4) Partner with a Strategic Technology and Services Partner

Partnering with a data protection provider specializing in cyber resilience and recovery in healthcare offers several critical advantages. Healthcare organizations with mixed infrastructure (on-premises, hybrid, cloud, multi-cloud) need a partner that unifies cyber resilience and data protection across environments for consistent security and availability. Consolidating backup systems into one solution reduces costs, eliminates redundant infrastructure, and minimizes technical debt, leading to improved efficiency. A specialized data recovery partner also enhances cyber resilience by ensuring recovery into clean environments, lowering the risk of reinfection after an attack.

Finally, a data protection and information management provider offering advanced capabilities around data storage, portability, and accessibility can enable seamless data movement and repurposing, supporting cloud migrations and enhancing business continuity. AI-driven automation further simplifies data protection, governance, and recovery processes, reducing administrative burdens on IT teams and enabling faster, more secure recovery from ransomware and other threats.

Commvault’s Cleanroom Recovery offers a groundbreaking solution for healthcare organizations facing ransomware, ensuring recovery into a clean environment and reducing reinfection risk. Validated by the Enterprise Strategy Group, it uses its unique any-to-any portability for efficient, secure data recovery. This capability is crucial for strengthening cyber resilience and enabling quick, safe restoration for healthcare organizations after an attack.

“Commvault is a key partner for healthcare organizations seeking cloud cyber resilience on Azure,” says Karen Cox, Microsoft’s Global Healthcare Partner Strategy Leader. “With deep Microsoft security integration, Commvault’s advanced solutions safeguard healthcare data and applications across cloud and hybrid environments.”