Healthcare and Technology news
51.3K views | +0 today
Healthcare and Technology news
Your new post is loading...
Your new post is loading...!

What to Include in Your Incident Response Plan

What to Include in Your Incident Response Plan | Healthcare and Technology news |

Cybersecurity data breaches have almost become a way of life. We hear about businesses impacted by security incidents and data breaches every day. 


As the adage goes, it’s not “IF”, but rather “WHEN” a security incident will take place at your business. 


It is therefore a best practice for every business to create an incident response plan. An incident response plan delivers two cybersecurity benefits to your business:


  1. Systematic response to incidents which helps to minimize information loss or theft and service disruption.
  2. Use of the information gained from an incident to help prevent future threats by strengthening system protections and to be better prepared for handling future incidents.


A breach of your information is always stressful. Don’t compound that stress by not having a plan to address a successful cyberattack. 


Before creating an incident response plan, you must create an incident response policy.


Create an Incident Response Policy

The National Institute of Standards and Technology (NIST) recommends in its Computer Security Incident Handling Guide that an organization should create a policy before building an incident response program.

This policy:

  • Defines which events will be considered incidents
  • Establishes the structure for incident response
  • Defines roles and responsibilities
  • Lists the requirements for reporting incidents

Develop your policy to include all applicable regulations and laws under which your business operates. Compliance requirements such as those associated with HIPAA and HITECH, Gramm-Leach-Bliley Act, and Sarbanes-Oxley (SOX) will drive your policy requirements. 

The 4 Phases of the NIST Incident Response Lifecycle

Once the policy has been created, NIST outlines four broad phases an incident response plan should include.

NIST identifies four phases in an incident response lifecycle:

  1. Preparation
  2. Detection and Analysis
  3. Containment, Eradication, and Recovery
  4. Post-Event Activity


Each of the four phases includes a number of actions. Here’s an outline of what you can include in your organization’s incident response plan.

Preparation and Prevention

“Prevention” in the context of incident response is essentially your information security strategy and the software tools used to implement your strategy. It is your layered defense against cybercriminals -- firewalls, encryption, antivirus software, data backup, user training, etc. 


Part of being prepared is having a complete list of your information security tools (including any portions of your IT infrastructure managed by a third-party managed service provider). 


Effective response is based on communication. Smartphones are an excellent way to communicate with and coordinate team members while responding to an incident.


It may be a good idea to have some of the information below as hard copy or on devices not connected to an organization’s network (it will be difficult to coordinate a response if, for example, you are victimized by a ransomware attack and cannot access your plan):

  • Contact information for primary and backup contacts within your organization plus relevant law enforcement and regulatory agencies that may need to be alerted
  • An incident reporting mechanism so users can report suspected incidents (phone numbers, email, online forms, or secure messaging systems)
  • Issue tracking system
  • Space to respond. Identify a permanent “war room” or temporary location where team members can centralize their response to the incident
  • Secure storage facility to keep evidence if needed

Detection and Analysis

Attacks can come from anywhere and take many forms - a denial of service attack, ransomware, email phishing, lost or stolen equipment (such as a laptop, smartphone, or authentication token), etc.


Once an incident is positively identified, follow defined processes to document the response (which can be helpful in showing a good faith effort to limit the impact of the breach on customer data should you end up in litigation or are investigated as the result of a breach).


Identify your affected networks, systems, and/or applications and determine the scope of the incident. From there, the response team can prioritize next steps from containment to further analysis of the incident. Recommendations for making analysis more effective include:


  • Profile networks and systems so changes are more readily detectable
  • Understand normal behavior so abnormal behavior is more easily spotted
  • Create a log retention policy
  • Perform event correlation
  • Keep all host clocks synchronized
  • Filter data to investigate the most suspicious data first
  • Run packet sniffers to collect additional data


These techniques should be used in conjunction with one another. Relying on a single method will be ineffective.


Document incidents as they are found. A logbook is one way to do so as are laptops, audio recordings, or a digital camera. 


Those affected by the incident need to be notified as well. For an incident that affects customers, a message on your website, email notification, or other communication will be needed. 


Often, breach notification procedures are driven by laws applicable to your industry, your state or your country, or a combination of these.

Containment, Eradication, and Recovery

Develop containment strategies for different incident types as containment for malware entering your network from an email will be different than for a network-based denial-of-service attack.


Document your strategies for incident containment so you can decide the appropriate strategy for the incident (e.g., shut down a system, disconnect it from the network, disable certain functions).

Once an incident is contained and all affected elements of the IT infrastructure have been identified the eradication and recovery process begins.


For larger systems, this could take months to move from high-priority to lower priority systems. Systems may be able to be restored from backup or may need to be rebuilt from scratch. As eradication and recovery proceed, steps can also be taken to tighten security measures. 

Post-Event Activity

Information security is an ongoing, iterative process. A key part of any incident response should be to learn from it:

  • Were the procedures followed? Were they effective?
  • Did we do anything that slowed the recovery process?
  • What could we have done differently?
  • Are there steps we can take to prevent a similar attack?
  • Were there indicators of the attack that we can use to prevent/detect a similar incident?
  • Do we need more resources to detect, analyze, and mitigate future events?

Apply what you learn to improve your cybersecurity defenses and response to the next incident.

Testing, Testing

Test your plan once per year. EIther working with an independent third-party or internally, create a scenario and walk your team through it.


This not only allows team members to understand their roles, but will also help you identify gaps or weaknesses in your plan. 

Technical Dr. Inc.'s insight:
Contact Details : or 877-910-0004

No comment yet.!

Digital health in 2015: What's hot and what's not?

Digital health in 2015: What's hot and what's not? | Healthcare and Technology news |

I think it’s fair to say that digital health is warming up. And not just in one area. The sheer number and variety of trends are almost as impressive as the heat trajectory itself. The scientist in me can’t help but make the connection to water molecules in a glass — there may be many of them, but not all have enough kinetic energy to ascend beyond their liquid state. The majority are doomed to sit tight and get consumed by a thirsty guy with little regard for subtle temperature changes.

With this in mind, let’s take a look at which digital health trends seem poised to break out in 2015, and which may be fated to stay cold in the glass. As you read, keep in mind that this assessment is filtered through my perspective of science, medicine, and innovation. In other words, a “cold” idea could still be hot in other ways.

Collaboration is hot, silos are not. Empowerment for patients and consumers is at the heart of digital health. As a result, the role of the doctor will shift from control to collaboration. The good news for physicians is that the new and evolved clinician role that emerges will be hot as heck. The same applies to the nature of innovation in digital health and pharma. The lone wolf is doomed to fail, and eclectic thinking from mixed and varied sources will be the basis for innovation and superior care.

Scanners are hot, trackers are not. Yes, the tricorder will help redefine the hand-held tool for care. From ultrasound to spectrometry, the rapid and comprehensive assimilation of data will create a new “tool of trade” that will change the way people think about diagnosis and treatment. Trackers are yesterday’s news stories (and they’ll continue to be written) but scanners are tomorrow headlines.

Rapid and bold innovation is hot, slow and cautious approaches are not. Innovators are often found in basements and garages where they tinker with the brilliance of what might be possible. Traditionally, pharmaceutical companies have worked off of a different model, one that offers access and validation with less of the freewheeling spirit that thrives in places like Silicon Valley. Looking ahead, these two styles need to come together. The result, I predict, will be a digital health collaboration in which varied and conflicting voices build a new health reality.

Tiny is hot, small is not. Nanotechnology is a game-changer in digital health. Nanobots, among other micro-innovations, can now be used to continuously survey our bodies to detect (and even treat) disease. The profound ability for this technology to impact care will drive patients to a new generation of wearables (scanners) that will offer more of a clinical imperative to keep using them.

Early is hot, on-time is not. Tomorrow’s technology will fuel both rapid detection and the notion of “stage zero disease.” Health care is no longer about the early recognition of overt signs and symptoms, but rather about microscopic markers that may preempt disease at the very earliest cellular and biochemical stages.

Genomics are hot, empirics are not. Specificity — from genomics to antimicrobial therapy — will help improve outcomes and drive costs down. Therapy will be guided less and less by statistical means and population-based data and more and more by individualized insights and agents.

AI is hot, data is not. Data, data, data. The tsunami of information has often done more to paralyze us than provide solutions to big and complex problems. From wearables to genomics, that part isn’t slowing down, so to help us manage it, we’ll increasingly rely on artificial intelligence systems. Keeping in mind some of the inherent problems with artificial intelligence, perhaps the solution is less about AI in the purest sense and more around IA — intelligence augmented. Either way, it’s inevitable and essential.

Cybersecurity is hot, passwords are not. As intimate and specific data sets increasingly define our reality, protection becomes an inexorable part of the equation. Biometric and other more personalized and protected solutions can offer something that passwords just can’t.

Staying connected is hot, one-time consults are not. Medicine at a distance will empower patients, caregivers, and clinicians to provide outstanding care and will create significant cost reductions. Telemedicine and other online engagement tools will emerge as a tool for everything from peer-to-peer consultation in the ICU to first-line interventions.

In-home care is hot, hospital stays are not. “Get home and stay home” has always been the driving care plan for the hospitalized patient. Today’s technology will help provide real-time and proactive patient management that can put hospital-quality monitoring and analytics right in the home. Connectivity among stakeholders (family, EMS, and care providers) offers both practical and effective solutions to care.

Cost is hot, deductibles are not. Cost will be part of the “innovation equation” that will be a critical driver for market penetration. Payers will drive trial (if not adoption) by simply nodding yes for reimbursement. And as patients are forced to manage higher insurance deductibles, options to help drive down costs will compete more and more with efficacy and novelty.

Putting it all together: What it will take to break away in 2015?

Beyond speed lies velocity, a vector that has both magnitude and direction. Smart innovators realize that their work must be driven by a range of issues from compatibility to communications. Only then can they harness the speed and establish a market trajectory that moves a great idea in the right direction. Simply put, a great idea that doesn’t get noticed by the right audience at the right time is a bit like winking to someone in the dark. You know what you’re doing, but no one else does.

No comment yet.!

How Payer-Provider Collaboration Has Fueled Data Exchange in Pennsylvania

How Payer-Provider Collaboration Has Fueled Data Exchange in Pennsylvania | Healthcare and Technology news |

Philadelphia, not unlike many other major cities, is a metropolis with several overlapping health systems. Richard Snyder, M.D., senior vice president and chief medical officer at Independence Blue Cross (IBC), refers to it as a “virtual Venn diagram of health systems on top of each other.”

What’s more, unlike some cities where there is a predominant health system that encompasses a big portion of the population and can build its own health information exchange (HIE), Philadelphia does not resemble that, Snyder says. “It has a lot of health systems, so you have that issue which makes it complicated since they all compete for doctors. They are working on an electronic medical record (EMR) that the hospital uses and in some cases acts like a little like an HIE, but only for that system—not for others in the region,” he says.

Additionally, as physicians continue to take on more and more risk in the new healthcare, they are starting to now realize that half of all admissions occur in a different hospital than the original incident’s hospital, Snyder says. “So if I drive to Penn Medicine for surgery, then late at night I am 20 miles from home but still in Philadelphia, they will take me to the nearest hospital, rather than to Penn,” he says. “Also, if you have a couple of chronic conditions, chances are you’re getting care in more than one system. The systems don’t talk to each other so the records don’t get transported back and forth routinely. There is a recognition that we have to work together, but there is no way for each of us to build a robust HIE that fit sour needs and our patients’ needs since they’re going to different systems.”

As such, several years ago, Snyder’s peers at IBC, along with other payers in the area, knew something needed to be done. “We’re not cutting down on readmissions or complications, and we need to share information with each other. We knew we had to build an HIE. All of a sudden, it’s very important for us to have real information available at the point of care. There is no way to get that in the EMR unless you have an HIE,” he says.

As a payer, of course, IBC has exact information on which physicians patients are seeing, as they get a claim for every occurrence. “We know where patients are getting care,” says Snyder. “What are the chances that when a patient walks into the ER, that he or she will tell the person helping them at registration all of the physicians and all of the facilities he or she has been to? They will say one name; it’s all you have time for. Now when it’s time for a discharge summary to those doctors who will care for that patient, they have no idea where to send it to or where to get the records from. We as a payer know that information,” he says.

All of this was the impetus behind the creation of HealthShare Exchange (HSX) of Southeastern Pennsylvania, incorporated in May 2012, with its board and bylaws put into place in January 2013. Snyder, who is also chair of the HSX board, says that it’s the nation’s only exchange in a major metro area built on collaboration between insurers and hospitals.

State and federal grants were instrumental in the launch of HSX, which is now primarily funded by participation dues from hospitals representing more than 90 percent of admissions in the Philadelphia region and several major insurers. Currently, 15 hospitals are signed on, though Snyder says that 37 health systems in southeast Pennsylvania have signed a letter of commitment documenting their desire to participate in HSX. Further, he notes, two mental health facilities are signed on as well as a few federally-qualified health centers (FQHCs).

A Unique Business Model

Snyder says HSX is providing a master patient index that links patients to all their physicians and places they get services, so that whenever a patient leaves the ER or a specialist, at the press of a button, a discharge summary comes to HealthShare. “We will look it up and attach copies to all the doctors so everyone is in the know and has all the information. That just doesn’t happen in most places,” he says.

The idea was to get the knowledge of where to ask for records and send records to, Snyder continues. “We also collect lab results, we know claims history, so we know what physicians they see, what diagnoses there are, and what procedures have been done. We summarize that into a clinical care report, which is all we know about you, and can include up to four years of history on a patient. We make them into individual PDFs that are readily available,” he says. What’s more, if a patient goes to the hospital or ER, the registration person will put the patient’s information into a form, and an admission, discharge, or transfer (ADT) message is sent to HSX, which looks it up, and then sends a report back to the ER or the hospital’s admitting doctor. “It’s a powerful tool for the physician to take care of the patient,” Snyder says.

In April, the first month in which ADT messages were live, Snyder notes, some 480,000 such messages were passed through the system. However, he adds, not all physicians are pleased with the influx of information. “The early adopters, those who have been using it the longest, are very much interested in the value of the exchange,” Snyder says. But there is another generation of physicians that say, ‘Wait a minute, you’re telling me that when I turn on the phone in the morning, there could be 50 messages for me? Who will be responsible for them?’ But this means there is more information flowing through the system, and it’s our job to turn the data into actionable information for doctors. We will continue to do that,” he says.

Snyder says that while sustainability is the biggest barrier to health information exchange, HSX has a model that is indeed sustainable. Although most HIEs start out with query-based exchange, where there is a database full of data and you can look into it or ask for information from it when you need it, Snyder says that was not preferable in the case of HSX as it would be hard to build and maintain an accurate database in a big metro area—as well as very expensive. “We also didn’t think it would grow as quickly. If I am feeling nervous about treating a patient I know nothing about who’s in the ER unconscious, and I can receive clinical information about that patient to help me help inform me about how to care for [him or her], that would be just awesome. Physicians value that,” Snyder says.

Currently, HSX serves the five counties of Southeastern Pennsylvania, and that’s the primary goal, says Snyder. But 25 percent of admissions to the city’s academic centers are coming from South Jersey or Delaware, outside the region, he says. As such, HSX has been getting inquiries from providers in those areas to be connected, as they want access to that information that’s generated in the Philadelphia market and could go back to them, Snyder notes. “We have discussions going on and I think you will see that we’ll connect to other HIEs so information can flow better to and from,” he says.

No comment yet.