Guidance on Managing the Cybersecurity Tactical Response in a Pandemic

The Healthcare and Public Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC) have issued joint guidance on managing the tactical cybersecurity response during emergencies such as a pandemic.

Threat actors attempt to exploit emergencies to carry out attacks, as has plainly been the case during the COVID-19 pandemic. In many instances, the duration of an emergency limits the opportunity for threat actors to exploit it, but during a pandemic the window of exposure is longer. The SARS-CoV-2 outbreak was declared a public health emergency on January 30, 2020, giving threat actors sufficient time to take advantage of COVID-19 to conduct attacks on the healthcare sector.

The key to handling the heightened cybersecurity risk during emergencies is preparation. Without preparation, healthcare institutions will be continually fighting fires and rushing to improve security at a time when resources are stretched thin.

The recent guidance was produced during the COVID-19 pandemic by H-ISAC, HSCC’s Cybersecurity Working Group (CWG), the healthcare industry and government cybersecurity specialists. It is meant to help healthcare organizations create a tactical response for handling cybersecurity threats that arise during emergencies and to improve their level of preparedness.

During the COVID-19 crisis, cyber threat actors have carried out a variety of attacks on healthcare companies, including phishing attacks, domain attacks, and ransomware and malware attacks. The attacks came at a time when healthcare institutions were trying to provide care for highly infectious patients, set up remote diagnostic and treatment services, and switch to teleworking to prevent the spread of COVID-19. The change in working routines substantially expanded the attack surface and introduced new vulnerabilities and attack vectors.

Vulnerability to malicious cyber actors increases with each gain provided by automation, interoperability, and data analytics. To stop these attacks before they happen, it is important for healthcare companies to establish, implement, and maintain current and effective cybersecurity procedures.

Healthcare organizations of all sizes can use the guidance document to enhance their cybersecurity programs and prepare for emergency scenarios. Smaller healthcare providers may use the guidance to choose appropriate measures to improve their security posture, while bigger organizations that have already prepared their tactical crisis response may use the guide as a checklist to make sure nothing has been overlooked.

The guidance document places tactics, practices, and activities into four major categories:

  • Education and Outreach
  • Enhance Prevention Techniques
  • Enhance Detection and Response
  • Take Care of the Team

The cybersecurity response to an emergency is largely based on technical measures; however, HSCC/H-ISAC makes clear that education and outreach play an essential role in the success of the response strategy. In an emergency, even the best-laid plans can come unstuck without appropriate education and outreach. Organizations that communicate their plans effectively will minimize misunderstandings, improve response times, and increase the effectiveness of their cybersecurity plan. The guide details how to create a communication plan and how to conduct policy and procedure assessments properly.

Stopping cyberattacks is crucial. Most healthcare companies will have put a variety of measures in place to combat cyberattacks before the public health emergency; however, HSCC/H-ISAC advocates three practices that ought to be assessed: restricting the likely attack surface, strengthening remote access, and using threat intelligence feeds.

Restricting the attack surface calls for effective vulnerability management, prompt patching, protection of medical devices and endpoints, and control of third-party network access. The guidance document suggests some ways of protecting remote access and explains how to use threat intelligence feeds to prevent attacks and speed up the response.

Many attacks are hard to prevent, so it is crucial to develop and implement systems that identify successful attacks and allow an immediate reaction. The guidance document recommends several steps to improve detection of and response to attacks.

It is also essential to look after the team. In difficult circumstances, health, safety, job security, and financial stability are all important concerns for healthcare workers. Companies need to communicate properly with their employees, address these concerns, and explain how the company will help employees throughout the crisis.

The guidance document can be viewed at this link. HSCC released a second guidance document earlier this month that covers steps healthcare companies can take to safeguard trade secrets and research. The guidance document can be downloaded here.