How to prepare for a cybersecurity incident


Just as practice staff must prepare for medical emergencies and natural disasters, your practice should be prepared for a cybersecurity incident.

All general practices should have a cybersecurity incident response plan in place and test it regularly. The Australian Cyber Security Centre (ACSC) provides guidance on developing a cybersecurity incident response plan, including the types of information it should contain and potential impacts to consider. 

For example, such a plan should include an analysis of threats specific to healthcare businesses and a plan for each type of threat. The theft of patient data will have a different impact from website defacement and will call for a different response, and this should be reflected in the plan.

Take action

Create a cybersecurity incident response plan

The Royal Australian College of General Practitioners (RACGP) recommends that all practices develop a cybersecurity incident response plan. A representative from the practice should be nominated to maintain and update the plan, with multiple staff trained on how to use the plan and where it is stored. It is recommended that an offline copy of the plan be kept, either as a printed copy or on an air-gapped device.

The plan should cover:

  • Clear criteria for when the cybersecurity response plan should be activated
  • The key roles and responsibilities of team members when the plan is activated, including backup contacts in case key individuals are unavailable
  • Details on how to isolate the systems impacted to limit damage and guidance on how to secure unaffected systems
  • Details of the systems, devices and data covered by the plan and critical services that must be prioritised for restoration
  • The communications channels to be used for sharing information internally and externally during an incident, including pre-prepared template messages to ensure accuracy
  • The steps required to restore services and verify their safety, ensuring critical clinical and business functions are operational before resuming normal use. This includes documenting what has been restored and when
  • Follow-up actions to investigate the incident to establish how it happened and inform a prevention strategy
  • Details on how the plan is tested