technology
“ Every organisation should have an incident response ( IR ) plan that helps them identify , contain and eliminate cyber attacks .
Safe from harm
Tips on responding to a cyber attack .
By Ajay Unni
The Australian Cyber Security Centre ( ACSC ) reported cyber security incidents relating to the Australian healthcare sector increased by 85 per cent in 2020 . The health sector reported the highest number of cybercrime incidents to the ACSC in 2020 , outside of government and individuals .
Cyber attacks can have devastating effects on an organisation ’ s functionality and well-being . According to the 2019 Cost of Data Breach Report from Ponemon Institute and IBM Security , the global cost of data breaches in 2021 is expected to reach $ 6 trillion annually .
Aged care providers that suffer a cyber attack are usually unaware of the presence of a malicious actor until it is too late . Even if a threat is identified , security teams within facilities regularly avoid taking the appropriate action , either downplaying the severity of the attack or ignoring it entirely .
With such sensitive data under their protection , this type of response is unacceptable . Failure to appropriately communicate security breaches can open organisations up to fines and prolonged negative impacts such as reputational damage and financial losses .
Prevention is always the best cure , which is why we recommend that care homes get on the front foot before an attack occurs .
Every organisation should have an incident response ( IR ) plan that helps them identify , contain and eliminate cyber attacks .
Design an incident response plan that takes into account the unique security needs of your facility , or enlist a security specialist who will be able to design one for you . Consider which IT assets hold critical or sensitive information , and conduct a thorough inventory of IT infrastructure including networks , servers and endpoints .
Although IR plans should be comprehensive and detailed , they still need to remain clear and simple for employees to understand . A complex plan can prove to be counterproductive when it comes to managing incident responses effectively .
But what if your facility has already come under attack , and you need to cope with the fallout ? The first step is to identify the weakness . Was it a phishing attack ? Ransomware ? A rogue actor from within your facility ?
Answering these questions will most likely involve collecting data from IT systems , security tools , publicly available information , and people inside and outside the organisation . It ’ s not going to be a big red flashing light and loud warning signal like in the movies – attacks are often designed to go completely undetected . Once detected , the threat must be contained . This means stopping it from spreading to other parts of the organisation and successfully stopping it in its tracks . Without proper containment , incidents can spread across your aged care facility ’ s systems and networks , giving hackers unlimited access to your residents ’ sensitive information .
Containment can often cause a lot of disruption to a facility , causing systems to go down and records to be temporarily blocked . The severity of your containment will depend on the level of damage the incident has caused , the ability of employees to continue operating , and the ability to continue servicing customers .
For example , do you need to completely wipe your records and start from scratch ?
Or do you just need to change a small security detail that had been overlooked ?
After the incident has been successfully contained , it ’ s important to ensure the attack is fully eradicated . This can be achieved by removing all elements of the incident , including identifying all affected hosts , removing malware , and closing or resetting passwords for breached user accounts .
Any shared accounts should be removed and replaced with individual accounts , and each individual account should have its password updated regularly . Every staff member should have their own accounts with their own unique user ID and password so that there is no need to share passwords between staff members .
With unique IDs enabled , every time someone accesses your network , you can log and track exactly when , where , and who it was accessed by . This will not only keep your own business records safe , but will keep your resident ’ s sensitive information safe and secure too .
A cyber attack can occur in many different ways , and the list of methods is only getting bigger . Staff must receive constant training with correct processes to help them spot any anomalies . Designing a healthy cyber security culture takes time and effort , but the pros far outweigh any cons .
Cybersecurity is far more than installing a firewall , and you owe it to your customers to get it right before it goes wrong . ■
Ajay Unni is the founder of StickmanCyber .
28 | nursingreview . com . au