Real-Time Change In Incident Management

May 19, 2020

During this digital panel session, Jim Brady discusses real-time change in incident management. His extensive experience in a multitude of security roles throughout his career means he has seen a lot of changes in the healthcare cyber security field. Naturally, the latest change to make its mark is the new remote work environment COVID-19 has deemed nececessary.

A New Reality in Cyber Security

In the past, incident response plans are created and workshopped on location—in the case of healthcare, at the hospitals, command centers, etc. Now, with most of IT, the administration staff, and even doctors working remotely, new considerations must be taken.

Now that vendors, legal counsel, and staff are working from home, are they vulnerable to new threat actors, or are the bad guys giving healthcare a break during this global pandemic? Unfortunately, opportunistic phishing scams are increasing as the world is combatting COVID-19. For example, some phishing attempts run under the guise of PPE equipment vendors.  

Additionally, while telehealth works as a good alternative to in-person doctor appointments, is it secure?

Three Main Threats

A well, executed cyber security incident has the possibility to severely disable or even take down organizations. In the healthcare field—especially during this time—it is imperative that hospital doors remain open. CSOs are especially on alert for the following three threats:

  1. Data breaches
  2. Ransomware and wiperware
  3. Medical device and IoT tampering

There are a few key things CSOs can do to effectively mitigate these areas of vulnerability. The first challenge is managing the environment remotely now that key security staff is working from home. System access needs to be the same as it was onsite. Home networks require an appropriate amount of bandwidth and the right VPN access must be granted. Home workers need the proper security for their home router firewall.

Incident Response Plans

A holistic cyber security plan not only works to prevent incidents but respond to them as well. In the way that fire departments educate on fire prevention while also maintaining the ability to put fires out, responding quickly to a breach is imperative. For example:

  • Knowing who to go to if a critical IT system needs to be shut down
  • Knowing who the decision-makers are and having their contact information up to date and accessible
  • Creating a communication plan across departments that includes at-home employees’ contact hours and preferred forms of communication.
  • Keeping contact methods such as video chats on secure platforms


Architecting a command center is difficult enough on prem with a team. It has only gotten harder with everyone spread out remotely. A communication grid helps clarify who communicates what to who. The C-suite needs regular high levels of communication. Clinicians on the front lines delivering care need access to the technologies that are required to do their jobs. Educating the administration staff on how to stay safe at home is also imperative. These non-technical positions are more prone to insecure home network and firewall setups. BOYB devices must not be used by family members or left insecure. All of these things need to be considered when developing an incident response plan during this pandemic.

Staying Physically Safe While Keeping The Network Secure

The health and safety of employees is also tied closely into cyber security. For example, is there a contingency plan if a large number of IT staff get sick? Are hospital-issued laptops and repurposed IT equipment disinfected properly? Are vendors shipping safe goods? If a cyber security attack affects technology tools at a hospital, who retrieves that device for forensics purposes? Do they have protective equipment to keep them safe? All of these considerations must be a part of an incident response plan.

The business and IT side of healthcare banded together and willingly risked their health to set up the technological side of medical tents and drive-through testing. Jim considers the possibility that such a positive and efficient crisis response will set an impossible precedence in the future.

Healthcare After COVID-19

If ever there were a silver lining to Coronavirus, long-term healthcare changes going forward may be it. Traditionally, healthcare is an industry that lags behind in technology adoption. Telehealth--a method of healthcare that brings down cost and increases patient satisfaction—will be the new way forward. Jim expands on this idea before answering live-audience questions.

Jim Brady dives deep into cyber security in healthcare during the pandemic. In order to hear the complete answers to the questions posed in this article, please go to the Cyber Security Digital Summit page, register, and then follow the link sent to your inbox.

Read the original article and additional information at Cyber Security Hub