HealthcareCISO

Cyberattacks are constantly evolving and while cybersecurity measures grow and change to combat them, becoming a victim is always a possibility—and for many, it is the unfortunate reality across all industries. But in healthcare the risk isn’t just monetary. Patient health and well-being can be threatened, too. In the first blog of this series, I discussed what your organization should do before an attack takes place. (To refresh: Implement preventative measures to reduce your risk of attack and have a response plan in place before an attack occurs.)

So, what should you do during an attack?
First: remain calm. Refer to your organization’s response plan for your next steps. Then, you need to ask yourself these four questions:

1. How did the attackers get into your system?
Understanding the root cause of the intrusion is critical in preventing it happening again. Common points of entry include phishing and exposed Remote Desktop Protocol (RDP). This is the key question to ask (and answer) so that your entire system doesn’t remain avoidably vulnerable.

2. What did the attackers do while they were in your system?
A cyberattack crime scene is...