How can a hospital prepare to protect its reputation during and after a cyberattack?

Date:  17 August 2022

How can a hospital prepare to protect its reputation during and after a cyberattack?

If your hospital is targeted in a cyberattack, it’s more than data at risk – the reputational consequences can lead to a damaging loss of trust.

On 11 August 2022, the IHF’s Harnessing Big Data Special Interest Group hosted a lunch and learn session in collaboration with Vizient, Inc. The free online seminar focused on helping CEOs and C-suite executives prepare effective communications strategies to minimize negative impacts in the event of a cyberattack.

The current landscape of cybersecurity

Speaker Lynn Sessions, a partner at Baker Hostetler specializing in healthcare privacy, data security, and breach response, revealed that 23% of the cybersecurity incidents her firm handled in 2021 occurred within the healthcare sector. Furthermore, 2021 saw an uptick in ransomware attacks targeting healthcare organizations. Ransomware is a type of malware that has the capability to infect and encrypt your data to the point of inhibiting access. To stop the spread of the attack, it is recommended to shut the entire system down while sweeps are conducted. Such attacks can leave hospitals without access to their systems for days, potentially weeks.

 Dr Michael Ash (Nebraska Medicine) spoke of the time his organization suffered a malware attack in the early stages of the COVID-19 pandemic. At the time, the average system downtime was 14 days; more recent data reports that the average duration has extended to 21 days. This downtime can affect your ability to access medical records, laboratory systems, radiology, and clinical equipment, etc. The costs of a cyberattack can include: collateral damage; the slowed or intermittent loss of system access; the loss of business and research data; the deliberate encryption of clinical data; and the theft of clinical care data. All of which can lead to serious financial and legal repercussions.

Preparation is key

With the rise of multi-factor authentication technology, system intrusion has overtaken email phishing attacks as the number one method of cyberattack. This development means that standard prevention methods are not a sufficient sole defense against cyberattacks. Instead, thorough preparation with institutionalized and practiced response plans are the only way to ensure your organization is ready to respond prior, during, and after a cybersecurity attack. David Willis, Senior Information Security Officer with the NHS (Lancashire & South Cumbria Health & Social Care Partnership), guaranteed that it’s not a case of IF your organization will be affected by a cyberattack, but WHEN.

Are you prepared?

At the start of the session, only 5% of session attendees felt their organization was “well-prepared” to respond to a cyberattack. Our speakers provided some initial action steps and resources for hospital executives to reflect on.

Action steps:

1. Consider your system typology.

■    Are all of your systems independent or interconnected? — Using different systems for different tasks can limit the spread of malware and prevent a total loss of function.

2. Develop an incident response plan and cheat sheet.

■    Ensure the response plan is always on hand (not stored with the hospitals’ data systems) for quick action in the event of an attack.
■    Include multiple points of contact for decision-making to ensure a rapid response.

3. Maintain other forms of communication.

■    Plan to utilize mobile phone numbers and back-up email systems not connected to the main systems.

4. Conduct tabletop exercises to practice responses.

■    Testing and practicing will help you spot gaps in your preparation.
■    Actively include senior leaders to increase understanding of the seriousness of the impact of cyberattacks.
■    Develop and practice paper documentation procedures that can be implemented immediately. Remember to consider personnel whose entire careers have been digital.

5. Work with clinical leaders to create procedures to maintain full capabilities.

■    Clinicians will recognize needs and obstacles that administrative workers might miss.
■    Pay special attention to radiation and oncology procedures. — The highest number of bad outcomes occurring during a cyberattack are connected to radiology and oncology.

6. Ask yourself?

■    Do you understand the impact of digital loss?
■    Do you understand the indirect impact of digital loss?
■    Are you prepared for digital loss?
■    Do you understand your role before, during, and after a cyberattack?


Recommended resources:

News & insights

Look into our latest...

Getting started: Getting the Board on board

Hospitals play an important role in communities, however, they also have a significant environmental impact. Embedding sustainability into a governance...

Navigating Net Zero – an overview of the Geneva Sustainability Study Tour for Polish Hospital Executives

On  1–2 May 2023, the IHF’s Geneva Sustainability Centre was pleased to welcome the Polish Hospital Federation (PFSz) for a...

Key takeaways on cyberattacks on healthcare

Hospitals hold critical and valuable information such as patient data and financial information, as well as cutting-edge research and innovation....

Getting started: Green spaces in healthcare

Sustainable hospitals and healthcare delivery settings can use their surrounding environments to strive for better health outcomes. Green spaces (in...