
What Healthcare Providers Should Do After A Medical Data Breach

July 23, 2024  |  Karoline Gore

The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Healthcare data breaches are on the rise, with a total of 809 data violation cases across the industry in 2023, up from 343 in 2022. The cost of these breaches also soared to $10.93 million last year, an increase of over 53% over the past three years, IBM’s 2023 Cost of a Data Breach report reveals. But data breaches aren’t just expensive: they also harm patient privacy, damage organizational reputation, and erode patient trust in healthcare providers. As data breaches are now largely a matter of “when” not “if”, it’s important to devise a solid data breach response plan. By acting fast to prevent further damage and data loss, you can restore operations as quickly as possible with minimal harm done.

Contain the Breach

Once a breach has been detected, act fast to contain it so it doesn’t spread. That means disconnecting the affected system from the network, but not turning it off altogether, because your forensic team still needs to investigate it in its current state. Simply unplug the network cable from the router to take the system off the internet. If your antivirus scanner has found malware or a virus on the system, quarantine it rather than deleting it, so it can be analyzed later. Leave the firewall settings as they are and preserve all firewall and security logs; take screenshots as well if needed. It’s also smart to change all access control login details. Strong, complex passwords are a basic cybersecurity control that is difficult for hackers and cracking software to defeat. It’s still important to record the old passwords for the investigation, since they may show how the attacker got in. Also, remember to deactivate less-important accounts.

Document the Breach

You then need to document the breach, so forensic investigators can find out what caused it, as well as recommend accurate next steps to secure the network now and prevent future breaches. So, in your report, explain how you came to hear of the breach and relay exactly what was stated in the notification (including the date and time you were notified). Also, document every step you took in response to the breach. This includes the date and time you disconnected systems from the network and changed account credentials and passwords.

If you use artificial intelligence (AI) tools, you’ll also need to consider whether they played a role in the breach, and document this if so. For example, ChatGPT, a popular chatbot and virtual assistant, can successfully exploit zero-day security vulnerabilities 87% of the time, a recent study by researchers at the University of Illinois Urbana-Champaign found. Although AI is increasingly used in healthcare to automate tasks, manage patient data, and even make tailored care recommendations, it also poses a serious risk to patient data integrity alongside the benefits it provides. So, assess whether AI influenced your breach at all, so your organization can make changes as needed to better prevent data breaches in the future.

Report the Breach

Although your first instinct may be to keep the breach under wraps, you’re actually legally required to report it. Under the HIPAA Breach Notification Rule, breaches that affect 500 or more people must be reported to the U.S. Department of Health and Human Services within sixty days. For smaller breaches, you can submit a report once a year. You’ll also need to inform your employees. Not only should employees know to keep the matter confidential and not discuss the breach outside of work, but they should also be trained on how to spot and avoid cybersecurity threats like phishing schemes.

If the breach is a large one, you’ll also need to inform the public. Although publicly admitting to mistakes is never fun, honesty and transparency can do a lot to regain trust and credibility among patients. Holding back the news for too long, on the other hand, only damages trust and brand reputation. Only provide as much information as truly needed, and emphasize that patient data security is your top priority.

With data breaches only continuing to rise, it is important healthcare providers have a solid response plan in place. By implementing the above best practices, you can successfully mitigate further damage, protect patient data, and restore operations as quickly as possible.
