HSCC Publishes Coordinated Healthcare Incident Response Plan Template
The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) has published a Coordinated Healthcare Incident Response Plan (CHIRP) that can be used as a template by healthcare organizations to develop a coordinated cybersecurity incident response plan.
Given the frequency of cyberattacks on the healthcare sector and the harm that these incidents can cause, it is vital for healthcare organizations to develop, implement, maintain, and test an incident response plan. In the event of a cyberattack, the incident response plan can be initiated immediately to limit the harm caused and help ensure a rapid recovery.
Several resources are available on the technical process of responding to a cybersecurity incident. While these resources provide guidance on the technical aspects of the response, such as detection, containment, response, and recovery, they do not deal with the impact of an attack on patient care and patient safety. Healthcare organizations have emergency plans to ensure business continuity and patient care in the event of IT outages and natural disasters; however, these plans may not be fully effective when responding to a cyberattack.
The new HSCC resource is intended to help address the gaps many healthcare organizations have in their incident response plans. The CHIRP is a tool that can be used as a starting point when developing an effective incident response plan, which can be tailored to meet the needs of each organization. “Healthcare Delivery Organizations have many of the parts and pieces needed to respond to a cybersecurity incident, but guidance is missing on how to tie all of these separate components together. This template seeks to serve as the cog that can be installed in the machine to allow all of the components to run together as a Coordinated Healthcare Incident Response Plan.”
The template is a guiding document that includes sample content to help incident response plan managers understand the purpose of each section when completing their own planning work. The sample content can be replaced as necessary based on the needs of each organization, and the template should be used in conjunction with the HSCC’s Health Industry Cybersecurity Operational Continuity – Cyber Incident (HIC-OCCI) publication.
The template guides plan managers through incident identification, response, IT system recovery, operations and emergency management, communications, and legal and risk management, and has been developed to be easily customized to suit organizations of all types and sizes. The guidance helps healthcare organizations tie together existing business continuity, organizational, and disaster recovery plans, and downtime procedures to ensure an efficient, coordinated response to any cybersecurity incident.

