Cyber security professionals criticize the prolonged recovery process of Change Healthcare following a cyber attack
Article: Best Practices for Response and Recovery During Prolonged Cyberattacks: A Case Study on Change Healthcare
The ongoing cyberattack on Change Healthcare, a leading healthcare claims clearinghouse, has caused nationwide disruption and raised new questions about the effectiveness of resilience best practices in the face of prolonged attacks. With more than 110 services still offline, the incident serves as a cautionary benchmark for healthcare cybersecurity preparedness and recovery.
Experts have emphasized the importance of a comprehensive, multi-layered approach that integrates prevention, preparedness, response, and resilience to minimize operational disruption and data compromise from such attacks.
Strengthening Cyber Hygiene and Preventive Measures
Key best practices include requiring multifactor authentication for all logins, applying critical patches and software updates promptly, hardening the network, maintaining offline backups, and regularly testing restoring from backups. These measures aim to prevent unauthorized access and data loss.
Developing and Continuously Updating an Incident Response and Recovery Plan
A living response plan involving cross-functional leadership is crucial. Regular tabletop exercises and incident simulations help rehearse response and recovery scenarios, focusing on ransomware and system downtime. Prioritizing critical systems for rapid recovery is essential to maintain essential healthcare operations.
Embedding Cybersecurity into Organizational Culture and Employee Training
Providing ongoing, role-specific security training, promoting a response culture, and recognizing human factors as pivotal can reduce errors under clinical pressures. Embedding cyber awareness into daily workflows is key to building a resilient organization.
Adopting a Risk-Based, Dynamic Threat Management Approach
Implementing continuous monitoring, automating patch management, and access reviews help adapt to emerging vulnerabilities rapidly. Understanding organizational risk tolerance with executive and board oversight is crucial to define what level of risk is acceptable and where to focus resilience efforts.
Prioritizing Resilience and Business Continuity
Assuming that cyberattacks are inevitable and structuring recovery and business continuity plans accordingly is essential. Regular testing of these plans and defining downtime procedures ensure clinical operations can continue despite IT system failures.
Vendor and Third-Party Risk Management
Assessing the cybersecurity posture and breach history of vendors and business associates is crucial. Incorporating these considerations into contractual agreements and ongoing risk evaluations help mitigate risks.
The ongoing recovery of Change Healthcare's IT systems serves as evidence of deficiencies in their backup procedures and preparation to respond to cyberattacks. Given the apparent large scope of the attack, complete rebuilding of their infrastructure from the ground up might be necessary. Recovering from ransomware attacks can be a complicated endeavor, especially when malware or footholds need to be eradicated from many interconnected systems. Most organizations can operate with critical systems up while restoring and validating services, but Change Healthcare's critical business of medical billing might make running in a degraded state difficult or impossible.
Organizations must treat cybersecurity as a top-down priority and embed resilience into their core operations to mitigate the impact of future attacks. Continuous vigilance and adaptation are necessary as cyber threats evolve rapidly.
- In the ongoing cyberattack on Change Healthcare, the importance of promptly applying critical patches and software updates, as a preventive measure, cannot be overstated to minimize operational disruption and data compromise.
- To respond effectively to ransomware attacks and system downtime, having a living incident response and recovery plan involving cross-functional leadership and regular tabletop exercises is crucial.
- Embedding cybersecurity awareness into daily workflows and promoting a response culture among employees can help reduce errors and enhance organizational resilience during cyberattacks.
- To adapt to emerging vulnerabilities swiftly, implementing continuous monitoring, automating patch management, and access reviews are essential components of a dynamic threat management approach.
- In order to mitigate risks from vendors and third parties, organizations should assess their cybersecurity posture, breach history, and incorporate these considerations into contractual agreements and ongoing risk evaluations.
