While in the heat of a HIPAA security breach, it’s easy to get tunnel vision and focus only on the accounts and systems affected in order to stop the attacks as quickly as possible. A response this limited may fail to remove all malicious applications or malware, which leaves the practice open to future attacks. By knowing these five common HIPAA breach response failures, your practice can build a robust, HIPAA-compliant breach response plan.
Only focusing on the systems that caused a breach: Some hackers will leave behind harmful applications so they can more easily continue their criminal behaviors in the future. When your practice’s security response team works to eliminate the detected malicious application or malware, they should also perform a thorough investigation of the practice’s entire system to ensure nothing was left behind that could result in future damage.
Changing passwords is not a permanent fix: The automatic response of your practice’s security team to a breach may be to reset or disable the accounts that were compromised. Doing this may temporarily halt an attack. However, advanced cybercriminals are usually able to discreetly access additional administrative accounts or run malware under local administrative accounts. This allows the attacker to run their tools without needing the passwords of the accounts that were reset.
Scanning only the affected systems: After a serious cyberattack, your practice’s IT security team will most likely conduct a scan of the infected environment, such as servers and power user stations. However, cybercriminals are able to hide their tools in unexpected locations such as laptops or workstations, so all hardware, software, and peripherals should be scanned as well.
Don’t just add security upgrades to prevent future attacks: Many healthcare IT departments believe that adding the latest security upgrades to the network is the only way to protect the practice’s network from future attacks. While advanced security features can certainly help, changing internal security processes can also be beneficial. After a breach, be sure to review the circumstances around the breach and then update policies and procedures as needed.
Involve your business associates: After a security breach, it is important to reach out to your business associates to verify that their systems haven’t also been breached. Your practice’s IT business associates may also be able to offer advice on how to avoid future attacks and breaches.