Guidance Document on Handling the Cybersecurity Tactical Response During a Pandemic

The Healthcare and Public Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC) have published joint guidance on managing the cybersecurity tactical response during emergency situations such as a pandemic.

Threat actors try to take advantage of emergencies to conduct attacks, as has clearly been seen during the COVID-19 pandemic. In many cases, the duration of an emergency limits the opportunity for threat actors to capitalize on the situation, but with a pandemic the period of exposure is prolonged. The SARS-CoV-2 outbreak was declared a public health emergency on January 30, 2020, giving threat actors ample time to use COVID-19 to carry out attacks on the healthcare industry.

Planning is essential to managing the elevated level of cybersecurity risk during emergencies. Without planning, healthcare providers will be continually fighting fires and struggling to improve security at a time when resources are stretched thin.

The latest guidance was developed for the COVID-19 crisis by HSCC’s Cybersecurity Working Group (CWG), H-ISAC, and healthcare sector and government cybersecurity professionals. It is designed to help healthcare providers develop a tactical response for dealing with cybersecurity threats that arise during emergencies and to help them improve their level of readiness.

During the COVID-19 pandemic, cyber threat actors have conducted a range of attacks on healthcare institutions, including domain attacks, phishing attacks, and malware and ransomware attacks. The attacks occurred at a time when healthcare providers were striving to deliver care to highly infectious patients, use remote diagnostic and medication services, and transition to teleworking to prevent the spread of the coronavirus. The change in working practices considerably expanded the attack surface and introduced new attack vectors and vulnerabilities.

Exposure to malicious cyber actors increases with every benefit gained from automation, interoperability, and data analytics. To counter these attacks before they occur, it is vital for healthcare institutions to establish, implement, and maintain current and effective cybersecurity strategies.

Healthcare institutions of all sizes can use the guidance document to strengthen their cybersecurity programs and prepare for emergencies. Smaller healthcare organizations can use the guidance to select suitable measures to improve their security posture, whereas larger institutions that have already organized their tactical crisis response can use the guide as a checklist to make sure nothing has been missed.

The guidance document groups strategies, practices, and activities into four main categories:

  1. Education and Outreach
  2. Enhance Prevention Techniques
  3. Enhance Detection and Response
  4. Take Care of the Team

The cybersecurity response to a crisis is mainly focused on technical controls; however, HSCC/H-ISAC points out that education and outreach play a crucial part in the success of the response strategy. In emergency situations, even the best-laid plans can come unstuck without the right education and outreach. Organizations that communicate their plans effectively will reduce confusion, improve response times, and increase the effectiveness of their cybersecurity plan. The guide explains how to develop a communication plan and conduct policy and procedure reviews correctly.

Preventing cyberattacks is very important. Many healthcare institutions will have implemented a range of measures to prevent cyberattacks before the public health emergency; nonetheless, HSCC/H-ISAC recommends that three practices be evaluated: limiting the potential attack surface, strengthening remote access, and using threat intelligence feeds.

Limiting the attack surface requires reliable vulnerability management, fast patching, securing medical devices and endpoints, and controlling third-party network access. The guidance document recommends a number of tactics for securing remote access and explains how to use threat intelligence feeds to prevent attacks and speed up the response.

Many attacks are hard to prevent, so it is essential for processes to be developed and implemented to detect successful attacks and respond promptly. The guidance document recommends a number of steps to improve detection of and response to attacks.

It is also crucial to take care of the team. In critical situations, health, well-being, job security, and financial stability are all major concerns for healthcare personnel. It is necessary for organizations to communicate appropriately with their staff, address these concerns, and explain how the organization will support employees during the crisis.

The guidance document can be downloaded from this link. Earlier this month, HSCC published another guidance document that highlights steps healthcare institutions can take to protect trade secrets and research. That guidance document can be viewed here.