Incident Response Planning During COVID-19 Checklist

Issue link:

Contents of this Issue


Page 0 of 2

1 Planning for Incident Response During the COVID-19 Crisis: Tales on Tackling The Security Debt Written by Marti Arvin; Executive Advisor at CynergisTek, Clyde Hewitt; Executive Advisor at CynergisTek, and Ryan Stewart; Manager of Incident Response Services at CynergisTek The COVID-19 pandemic is disrupting healthcare. Clinicians involved in non-elective care are preparing for a tsunami of patients while at the same time furloughing staff who provided electives services. Outside of the clinical setting, direct support staff is still working on-site to stock critical supplies while clinical engineering is ensuring all medical devices are repaired and available for use. Other functions not required for direct patient contact are transitioning to a remote work environment as stay-at-home orders promulgate throughout the nation and world. This group includes back-office functions such as administration, HR, finance, information technology, security, privacy, and compliance. For most workforce members, working from home doesn't radically alter the workflow, just the work location. These individuals rely on computer applications that can be accessible in the cloud or via the organization's VPN. The biggest disruption is that mobile phones replace office extensions, however, the majority of mobile phones for these new remote workforce staff are personally owned (BYOD). Not all non-clinical workflows can be replicated in a remote work environment. Security and privacy incident response and recovery activities are 'high touch and interactive' and therefore especially susceptible to disruption. Few organizations have considered the magnitude of workflows that need to be re-engineered to work effectively in remote environments. For example, the simplest but most important task of communicating would normally occur in the command center but now must rely on conference bridges. The limits of 'bandwidth and processing power' can transform parallel discussions threads into serial discussions as conference bridges limit speakers to one at a time. Collaborative management will be replaced with outspoken central leadership. There will be fewer opportunities for upward information flow. This model takes strong centralized leadership and trust that documented procedures will be followed. Unless organizations take action to adjust to the new fabric, it should be clear that a serious security or privacy incident during this COVID-19 pandemic could be catastrophic. This bad outcome is not certain if organizations take action before a serious event occurs. The following checklist is a non-exhaustive look at steps that can be taken now so that healthcare organizations will be better prepared to respond and recover. 30/60/90 Day Planning Security and Privacy Incident Response Checklist Within 30 Days: • Incident response (IR) plans: ° Validate IR team member assignments, roles, and responsibilities: Identify a backup for each key staff (in case of medical absence). Confirm phone numbers (work, personal cell numbers, and landlines if applicable). Confirm personal email addresses. ° Pre-assign cloud-based conference bridges, rather than internal numbers that may be dependent on internal infrastructure, to key functions to ensure that communications can take place in parallel. Given the current levels of demand for some of these applications, it may make sense to have backup applications if one becomes unavailable or has performance issues (e.g. WebEx, Teams, Zoom, Skype for Business, for example). Assign separate bridges to each function. At a minimum, have separate bridges for: Executive leadership, Legal and outside counsel, Security, privacy, and compliance leadership, IT leadership, IT networking (NOC), Security operations center, and Technical security leadership. 30

Articles in this issue

view archives of Checklists - Incident Response Planning During COVID-19 Checklist