October 26, 2021

How aged care providers should respond to a cyber attack

StickmanCyber Team
Aged Care Insite

Ajay Unni, Founder and CEO, StickmanCyber, penned an opinion piece sharing insights on how organisations providing aged care should ideally respond to cyberattacks.

Read the full article below as featured in Aged Care Insite.

As I’ve written previously, cyber attacks on the healthcare sector are on the rise. The Australian Cyber Security Centre (ACSC) reported cyber security incidents relating to the Australian healthcare sector increased by 85 per cent in 2020. The health sector reported the highest number of cybercrime incidents to the ACSC in 2020, outside of government and individuals.

Cyber attacks can have devastating effects on an organisation's functionality and well-being. According to the 2019 Cost of Data Breach Report from Ponemon Institute and IBM Security, the global cost of data breaches in 2021 is expected to reach $6 trillion annually.

Aged care providers that suffer a cyber attack are usually unaware of the presence of a malicious actor until it is too late. Even if a threat is identified, security teams within facilities regularly avoid taking the appropriate action, either downplaying the severity of the attack or ignoring it entirely.

With such sensitive data under their protection, this type of response is unacceptable. Failure to appropriately communicate security breaches can open organisations up to fines and prolonged negative impacts such as reputational damage and financial losses.

Prevention is always the best cure, which is why we recommend that care homes get on the front foot before an attack occurs. Every organisation should have an incident response (IR) plan that helps them identify, contain and eliminate cyberattacks. IR plans outline what constitutes an attack and provide a clear guide on what steps should be taken if an incident were to occur.

Design an incident response plan that takes into account the unique security needs of your facility, or enlist a security specialist who will be able to design one for you. Consider which IT assets hold critical or sensitive information, and conduct a thorough inventory of IT infrastructure including networks, servers and endpoints.

Although IR plans should be comprehensive and detailed, they still need to remain clear and simple for employees to understand. A complex plan can prove to be counterproductive when it comes to managing incident responses effectively.

But what if your facility has already come under attack, and you need to cope with the fallout? The first step is to identify the weakness. Was it a phishing attack? Ransomware? A rogue actor from within your facility?

Answering these questions will most likely involve collecting data from IT systems, security tools, publicly available information, and people inside and outside the organization. It’s not going to be a big red flashing light and loud warning signal like in the movies – attacks are often designed to go completely undetected.

Once detected, the threat must be contained. This means stopping it from spreading to other parts of the organisation and successfully stopping it in its tracks. Without proper containment, incidents can spread across your aged care facility’s systems and networks, giving hackers unlimited access to your residents’ sensitive information.

Containment can often cause a lot of disruption to a facility, causing systems to go down and records to be temporarily blocked. The severity of your containment will depend on the level of damage the incident has caused, the ability of employees to continue operating, and the ability to continue servicing customers.

For example, do you need to completely wipe your records and start from scratch?

Or do you just need to change a small security detail that had been overlooked?

After the incident has been successfully contained, it’s important to ensure the attack is fully eradicated. This can be achieved by removing all elements of the incident, including identifying all affected hosts, removing malware, and closing or resetting passwords for breached user accounts.

Any shared accounts should be removed and replaced with individual accounts, and each individual account should have its password updated regularly. Every staff member should have their own accounts with their own unique user ID and password so that there is no need to share passwords between staff members.

With unique IDs enabled, every time someone accesses your network, you can log and track exactly when, where, and who it was accessed by. This will not only keep your own business records safe, but will keep your resident’s sensitive information safe and secure too.

A cyber attack can occur in many different ways, and the list of methods is only getting bigger. Staff must receive constant training with correct processes to help them spot any anomalies. Designing a healthy cyber security culture takes time and effort, but the pros far outweigh any cons.

As always, prevention is better than a reactive approach, and you can never be too prepared.

Cybersecurity is far more than installing a firewall, and you owe it to your customers to get it right before it goes wrong.

Similar posts

 

Optus has been hit with a major cyber attack

In today’s world businesses around the world as well as in Australia, face increasingly sophisticated and innovative cybercriminals targeting what matters most to them; their money, data and reputation. Download our guide to learn everything you need to know about the Optus Data Breach, as well as the nine steps every business around the world and in Australia needs to take to avoid being next.