EyeWorld is the official news magazine of the American Society of Cataract & Refractive Surgery.
Issue link: https://digital.eyeworld.org/i/1422338
98 | EYEWORLD | DECEMBER 2021
PRACTICE MANAGEMENT
continued from page 96

protections are often in place, many times physical security is overlooked. Easy access to critical pieces of infrastructure can negate the best technical protection mechanisms. Another neglected critical piece of security is user training and awareness. In a busy practice it's difficult to implement one more training or in-service. Taking the time to educate users on the basics of cybersecurity practices is one of the best mechanisms to protect against common threats that carry the highest risk.

Detect

You can't manage what you can't measure. Detection involves monitoring activity regarding systems, software, and personnel. This stage can be difficult. The bad actors of the world are very good at avoiding detection and covering their tracks. Malware and other malicious software can stay hidden for long periods of time without raising suspicion. Establishing a baseline of normal system activity is important. The software and hardware that are implemented to protect assets many times also provide monitoring and alerts to malicious behavior. Defining what constitutes an alert and defining the staff and systems who receive notification is critical in this step. Practices must find the right balance and make sure that notifications receive the attention of the right people.

Risk priority is important and individual to each practice. The NIST CSF includes profile definitions for prioritization of goals and what means the most to your practice. That allows practices to focus on high-risk items first and decide how to allocate limited time and resources. The NIST CSF also provides different tiers that can be identified for each step of the way. These tiers let the practice define the goals based on what it's able to handle and can afford.

Respond

What would you do if you walked into your practice and all systems were encrypted? Who do you call? How did it happen? How are you going to mitigate the issue? Scenarios like this one need to be planned for ahead of time. Having a fully developed response plan and knowing what to do in an emergency can make all the difference to restore normal practice function. The Respond phase includes identifying these questions surrounding communication, analysis, mitigation, and improvements to detection processes. The response is more than just IT analyzing what happened or trying to stop the technical reason for a breach. Management must be involved to determine the proper communication messaging and communication to authorities and patients. Third-party companies such as digital forensics may also need to be involved depending on the incident and what is required.

Recover

The Recover phase restores business functions, but this involves more than IT teams and technical processes. Management teams must be involved regarding how to effectively communicate and restore trust and reputation among vendors and patients. Recover also includes planning and adapting for the future. Implementing lessons learned into existing plans can be beneficial to the entire organization in preventing future incidents.

"I don't have time for this," "A breach won't be that bad," or "This costs too much" are commonly heard statements regarding cybersecurity. The average cost per healthcare record stolen or lost in 2019 was $429.¹ That can be devastating to practices and patient safety and makes the time and effort worthwhile. No one thinks a breach will happen to them, and there is no such thing as a perfect cybersecurity system. It's an on-going process to find the right balance based on the individual needs of an organization. Take the steps to start the journey and put the necessary items in place to protect your practice and your patients.

Contact
Gallagher: bgallagher@medcgroup.com

Reference
1. The Ponemon Institute/IBM Security published its 2019 Cost of a Data Breach Report.