COMMENTARY: Modern healthcare organizations have become intimately connected to electronic health records (EHRs), medical devices, cloud-based services and a host of remote and home-based technologies.
While these advancements enhance patient care and operational efficiency, they also open healthcare providers to significantly increased levels of cyberattacks. Ransomware, data breaches, and other cyber threats have exposed vulnerabilities in the sector’s cybersecurity practices.
In the absence of robust preventative measures, many organizations now focus on improving downtime procedures and other business continuity strategies to mitigate the impact of these attacks.
The growing threat landscape
Healthcare organizations face a unique set of cybersecurity challenges. These attacks often cripple systems, leading to service interruptions, delayed patient care, revenue loss, and potential risks to patient safety.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
Inadequate cybersecurity practices, such as unpatched software, insufficient employee training, and lack of multi-factor authentication (MFA), exacerbate these risks. Smaller healthcare providers are particularly vulnerable, as they may lack the resources to invest in comprehensive cybersecurity programs. Recognizing these gaps, we see organizations shifting their focus to building robust downtime procedures and business continuity plans as a critical line of defense. They have decided that they cannot afford higher levels of cybersecurity, so they are preparing themselves for the eventuality of a successful attack.
The role of downtime procedures in cyber
Downtime procedures are structured protocols that let healthcare organizations maintain essential operations during IT asset outages. These procedures are relevant during cyberattacks, and also during other disruptions, such as natural disasters or hardware failures. In the context of cybersecurity, effective downtime procedures can:
- Preserve patient safety: Ensure that critical patient care services, such as emergency surgeries and medication administration, continue without disruption.
- Minimize data loss: Implement manual recording systems to capture essential patient information until systems are restored.
- Reduce financial impact: Prevent prolonged service interruptions that can result in lost revenue and increased costs.
The elements of improved downtime procedures
Healthcare organizations are integrating the following elements into their downtime protocols:
- Paper-based documentation: While EHRs are indispensable, many organizations are rediscovering the value of paper-based systems. Staff are being trained to switch seamlessly to manual charting, ensuring that patient information is recorded and remains accessible during outages.
- Regular downtime drills: Simulated downtime events are becoming a standard practice in healthcare settings. These drills familiarize employees with emergency protocols, identify procedural gaps, and improve response times.
- Redundant communication systems: Cyberattacks often disrupt email and internal messaging platforms. Backup communication channels, such as walkie-talkies or secure mobile networks, ensure that staff can coordinate effectively during an incident.
- Predefined prioritization plans: Organizations categorize services and systems based on their criticality to patient care. This prioritization ensures that resources are directed first toward maintaining essential operations, such as life-support systems and emergency departments, as the organization struggles to come back online.
Measures beyond downtime
While downtime procedures are crucial, they are part of a broader full recovery framework. Healthcare organizations are also implementing additional strategies to bolster their resilience against cyberattacks:
- Disaster recovery plans: These DR plans outline the steps in the long process needed to restore IT systems and data after an attack. Frequent backups and geographically distributed data centers are central components.
- Cybersecurity insurance: Many providers are investing in policies that cover financial losses, legal fees, and other costs associated with cyber incidents. While insurance doesn’t prevent attacks, it mitigates the financial impact.
- Collaborative incident response: Some healthcare networks are forming partnerships with cybersecurity firms and government agencies to develop coordinated response strategies. Sharing threat intelligence and best practices strengthens the sector’s collective defense.
The need for proactive cyber investments
Although improved downtime, business continuity and DR measures are vital, they are ultimately reactive solutions. To address the root cause of the problem, healthcare organizations must prioritize proactive cybersecurity investments. These include:
- Advanced threat detection: Deploying artificial intelligence and machine learning tools to identify and mitigate threats in real time.
- Employee training: Conducting regular cybersecurity awareness programs to educate staff about phishing, password hygiene, and other threats.
- Embrace zero-trust: Implement a security model that requires strict verification for every user and device attempting to access network resources.
The rising frequency and severity of cyberattacks underscore the importance of robust downtime procedures and business continuity measures in healthcare.
While these strategies help organizations navigate disruptions and protect patient safety, they are not a substitute for comprehensive cybersecurity practices. By balancing reactive and proactive measures, healthcare providers can build resilience against cyber threats, ensuring that they can continue delivering high-quality care even in the face of adversity. A secure and prepared healthcare system benefits everyone—from patients and providers to the broader community.
Finally, many of these downtime procedures and business continuity and DR programs can apply to many other business sectors. While healthcare remains a major target for cybercriminals, so are the financial, energy, manufacturing, and retail sectors.
Toby Gouker, chief security officer, First Health Advisory

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.