Healthcare Scores Terribly at Practicing Cyber Incident Response

The healthcare industry had an awful 2021 in terms of data breaches, with over 50 million records breached and more than 900 data breaches reported by databreaches.net. Given how heavily the healthcare sector is targeted by cyber actors, the risk of a data breach is high. A SecureLink/Ponemon Institute review in 2021 found that 44% of healthcare and pharmaceutical firms encountered a data breach in the last year.

Although steps can be taken to strengthen defenses and keep cyberattacks from succeeding, healthcare companies must be ready for the worst and must have an incident response plan in place that can be started promptly in the event of a cyberattack. With correct planning, healthcare providers will be prepared when a cyberattack happens and will be able to recover in the shortest possible time.

Regular exercises should be conducted to make sure everybody knows their duties and that the plan works. Cyberattack victims often find that their incident response plan is inadequate or ineffective because of insufficient testing, which can lead to a slow and expensive response to a cyberattack.

This month, Immersive Labs issued its 2022 cyber workforce benchmark report, which contained data from about 2,100 institutions in a variety of industries that use the Immersive Labs platform to run cyber crisis simulations. Highly prized, high-profile targets such as financial and technology services conducted the most cyber crisis exercises, averaging 7 and 9 exercises annually respectively. Healthcare companies, however, were near the bottom of the list, averaging 2 exercises annually.

In the event of a cyberattack, many different people will be involved in the response. It is therefore crucial for those individuals to take part in exercises. It is not surprising that the more people who are involved in incident response exercises, the better prepared an organization will be to respond to a cyberattack. Immersive Labs measured the performance of the exercises and found that every exercise that scored over 90% for effectiveness had about 11 people taking part. All but one of the crisis scenarios that scored less than 50% for effectiveness had just one person participating. In healthcare, an average of 4 people took part in the exercises, compared to 21 in education and 7 in technology.

Immersive Labs examined performance in the crisis response activities and computed a score based on the choices made throughout the simulation. The average performance score across all exercises was 68%, which indicates there is substantial room for improvement. The leading industry was manufacturing, with a performance score of 85%. Worryingly, healthcare performed the worst of all industries for cyber crisis response by some distance, attaining a performance score of only 18%, substantially lower than the next worst-performing sector, financial services, which scored 45%.

Immersive Labs additionally analyzed how long it took 35,000 members of cybersecurity teams at 400 large companies to develop the expertise, abilities, and judgment to deal with 185 breaking threats. On average, it took teams 96 days to build the skills to defend against breaking threats. They found that mitigating a vulnerability in the Exim mail transfer agent, which affected over 4.1 million systems and was being actively exploited, took security teams more than 6 months on average to master. CISA states vulnerabilities must be patched within 15 days from initial detection.

Developing the human skills to fight attackers is slow, particularly in healthcare. The best-performing industry was leisure/entertainment, where security teams typically took 65 days to build the required skills. In healthcare, it took about 116 days. Only infrastructure, consulting, and transport performed worse. Across all industry sectors, the average time to develop the competencies to respond to threats was 96 days.

The current cyber crisis is an all-encompassing organizational tension. Stopping incidents that halt operations and ruin reputation, corporate value and stakeholder relationships demands a holistic response from the entire workforce. Reaching this sort of resilience calls for a constantly maturing responsive capability for technical and non-technical teams, created by exercising with a cadence that traditional tabletop exercises struggle to reach… exercising to collect evidence, and then using these insights to equip teams with pertinent skills, is crucial to ongoing resilience.