Planning for Regional Cyber Incident ResponseDr. Christian Dameff of the University of California on Critical Response Concerns
Hospitals must not only prepare in advance for ransomware and other debilitating attacks on their organizations, but also for responding to the effect of cyber incidents at neighboring facilities, says Dr. Christian Dameff, an emergency physician and clinical informaticist at the University of California San Diego.
Organizations in a region should prepare for attacks together, he says. "I'm a big advocate for regionalizing preparations to understand what your area's weaknesses and vulnerabilities are."
That includes conducting tabletop exercises and gaming out what would happen if a particular hospital in a region went down, as well as prearranging agreements between hospitals, "so that they're not trying to hash this out in real time," Dameff says in an interview with Information Security Media Group conducted during a recent HIMSS cyber forum in Boston.
"There should be a recognition that we're all in the same cybersecurity boat. There shouldn’t be a competitive advantage between hospitals because what happens at one affects us all."
Also, it's important that plans for regional cyber incident response are not the same as a mass casualty event plan. "That's the mistake. It is not the same. Ransomware incidents have nuances," Dameff says.
For example, in a ransomware incident, critical patient data might not be available for sharing. "You cannot use your stock playbook," he warns.
In the interview (see audio link below photo), Dameff also discusses:
- Tips for tackling a regional cyber incident response plan;
- Lessons from recent ransomware incidents in the healthcare sector;
- Cyber predications for 2023.
Dameff, an emergency physician, is an assistant professor of emergency medicine, biomedical informatics and computer science at the University of California San Diego. At UCSD Health, he was hired as the nation's first medical director of cybersecurity. Dameff is also an ethical hacker and security researcher.