How to Prepare for Cyber Attacks

By Alana Tart

Cyber incidents are not a matter of if, but when. Businesses, with vast amounts of data and heavy reliance on systems, are the new banks to rob. Healthcare data is especially attractive to cybercriminals due to its high value. Furthermore, as healthcare organisations are reliant on systems to deliver essential services, they are prime targets. The goal when facing a cyber event is clear: contain the problem, restore operations quickly, and mitigate harm. This article will discuss the people needed to achieve that.

The risks businesses face

Before touching on the critical players in a successful breach response, a reminder of the three principal risks faced from cyber incidents:

  •  Business operational risk: risk of loss from failure of key systems, processes, or people.
  •  Reputational risk: risk of loss from damage to an organisation’s public image.
  •  Legal and compliance risk: risk of loss from legal action due to breaches of law or regulations (both regulatory and litigation). This risk lessens when businesses show they are taking all reasonable steps to prevent disaster.

A cyber event does not have to mean the death of your business, but it could, especially in healthcare. A concentration on people does not negate the importance of formulating plans, scenarios and playbooks that focus on protecting what is relevant. However, it is people who bring these to life.

Cyber is a team sport

Cybersecurity is a team effort. When a breach occurs, it’s not just the IT, security, or legal department’s responsibility—it requires a coordinated response from a pre-assembled team of trusted experts. This team can include both internal and external members, with roles tailored to the business and situation. Clear roles and a structured approach are essential for an effective response.

Key internal roles may include an incident response manager, system administrator, security analyst, IT support, and personnel for business continuity, legal, and communications. External experts, ideally pre-arranged, might include legal counsel, forensic IT specialists, ransom negotiators, cyber insurance providers, and PR agencies.

External experts are not needed every time, but it is important they are lined up and on speed dial. Two critical external roles include:

  •  SRA-regulated external legal counsel: Ensures compliance with legal and regulatory requirements, manages law enforcement communication, and protects privilege.
  •  Forensic IT specialist: Collects and documents data for legal admissibility and ensures regulatory compliance.

In most cases, external counsel should oversee the involvement of external parties, including ransom negotiators (discussed below), to protect privilege.

The value of considering the ransom question

Ransom demands lead stakeholders to want involvement and reassurance. This makes considering questions around ransom, including who is involved, critical. A company will have a better outcome during a live ransom demand if it decides in advance how to handle such demands, whether and how to engage with threat actors, and who in the organisation makes the ultimate decisions. Getting roles right is critical. There is no time for analysis paralysis.

Decisions regarding ransom negotiators require understanding the legalities and logistics of paying ransom and/or engaging with a threat actor. This includes not confounding engagement with paying; these are two separate actions. Engagement can buy time to secure systems, sort backups, gather crucial information like proof of life or threat attribution (which all make informed decisions possible) and can allow the organisation, not the threat actor, to own the narrative. It can also provide a sense of control in a chaotic situation. A ransom negotiator is an expert in engagement.

Concluding comments

It is ultimately the people—armed with clear plans and responsibilities—who drive the success of breach management. Cybersecurity is a collective effort, and ensuring the right team is in place before an incident occurs is vital to minimise operational disruption, protect the organisation’s reputation, and stay compliant with legal and regulatory frameworks. Preparedness is key, and a proactive stance can make all the difference when facing the inevitable.
