AHP Connect Articles

AHP Connect delivers updates on industry news and research, educational and professional opportunities, best practices and other articles related to health care philanthropy.

5 Tips to Survive the Aftermath of a Cyber Attack

Olivia Hairfield
Published:  08/13/2020

person typing on computer

Over the past few years, ransomware attacks targeting healthcare institutions have increased significantly. In a 2020 report, Comparitech shared that 172 United States healthcare organizations have been affected by a ransomware attack since 2016. If you fall victim to an attack, your organization—and your donors—are left in a vulnerable place. In this list, we’ll cover potential next steps when faced with a ransomware attack.

#1 Communicate internally.

After an attack, it is imperative to notify your entire staff, from your administrative staff to your board. Only by working together to follow cybersecurity best practices can you prevent against future incidents.

Train your employees to recognize an attack before it happens. For example, the Hollywood Presbyterian Medical Center was targeted by ransomware in 2016. The hospital was infected by the delivery of an email with an attachment disguised as an invoice. Phishing attacks like this use email to collect personal and financial information or infect your machine with malware and viruses. Cybercriminals use legitimate-looking emails—like an invoice communication—to encourage people to click on a link or open an attachment. To combat this, make sure to look closely at the sender’s email. The name may be of a person you know, but does the email address look a little off, or does the tone of the email not match previous exchanges? Get verbal confirmation from the sender to confirm its legitimacy. When in doubt of an email’s authenticity, it’s best to delete it. Read more tips from the Department of Homeland Security.

#2 Communicate with your donors.

Creating a bridge of trust is a crucial component of a donor’s journey. As an organization, notifying your community of any cybersecurity attack when personal information is at risk is essential to maintain that relationship. For this type of communication, focus on these five elements:

What Happened
What Information Was Involved
What Has Your Organization Done to Address the Current Situation
What Will You Do in the Future to Prevent the Situation Recurring
Where Can Donors Go to Find More Information

The example below from LifeLabs hits each point in thorough detail.

Through proactive surveillance, LifeLabs recently identified a cyber-attack that involved unauthorized access to our computer systems with customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results.

From the start, LifeLabs provided a full account of the attack and what information was vulnerable.

We have taken several measures to protect our customer information, including:

  • Immediately engaging with world-class cyber security experts to isolate and secure the affected systems and determine the scope of the attack;
  • Further strengthening our systems to deter future incidents;
  • Retrieving the data by making a payment. We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals;
  • Engaging with law enforcement, who are currently investigating the matter; and
  • Offering cyber security protection services to our customers, such as identity theft and fraud protection insurance.

LifeLabs laid out what had already been done to address the problem.

While we’ve been taking steps over the last several years to strengthen our cyber defenses, this has served as a reminder that we need to stay ahead of cybercrime which has become a pervasive issue around the world in all sectors.

LifeLabs spoke to its future actions to prevent an attack from happening again.

For more information and to learn more on how to sign up for cyber security protection services, please visit https://customernotice.lifelabs.com.

And finally, it provided a way to follow up on the incident. Read the full letter here.

#3 Don’t forget HIPPA and PIPEDA requirements.

While HIPPA’s Privacy Rule and PIPEDA differ in some respects, the intent is the same. A breach of protected health information (US) or personal health information (CA) must be disclosed to the individual at risk if an incident meets certain criteria.

In the US, communicating with individuals depends on the scope of the breach. High-risk breaches must be reported to the individuals affected. Low-risk do not have the same requirement. The organization can determine what classifies as high or low risk. If a breach impacts 500 or more individuals, an organization must notify those individuals, the Secretary of Health and Human Services, and media outlets in the jurisdiction within 60 calendar days of the discovery. If the breach affects fewer than 500 individuals, the organization must notify HHS no later than 60 days after the calendar year in which the incident took place.

In Canada, PHIPA requires disclosure to the Privacy Commissioner of Canada and the individuals affected if there’s a real risk of significant harm (RROSH). Significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record, and damage to or loss of property. However, Provinces very on the stringency of this assessment, so keep up to date with the laws in your area.

#4 Update your technology.

In a 2017 report, the US’s Healthcare Industry Cybersecurity Task Force noted legacy equipment as a top vulnerability for cyber attacks. Technology utilizing old, unsupported operating equipment is at a higher risk. While it can be a challenge to stay up to date, collaborating with your IT team to stay on top of technology is imperative. Here’s an easy update to start the process: double your login protection with two-factor or multi-factor authentication. The National Institute of Standards and Technology offers this guide to get started.

#5 Is your office working from home?

With the increase in remote work, it’s essential to implement cybersecurity best practices at home or on the go. Make sure to limit access to only what staff members need to perform their job. Limit the use of personal devices and email accounts to access organization information. Avoid sending sensitive information over public Wi-Fi. For more tips, check out this list from the Canadian Centre for Cyber Security.

Overall, just remember the sophistication of ransomware attacks increases as fast as we can think up new ways to thwart their efforts. Stay vigilant.

Meet The Author

Olivia Hairfield
Marketing Manager
Association for Healthcare Philanthropy

Share This

facebook-icon twitter-icon linkedin-icon