Incident Response Planning

There are only a few things in life that you KNOW are going to happen.  Taxes, death and a security breach.  Now I don’t mean to be negative, but unfortunately, at some point in your digital life…it’s going to happen.  No matter how hard we try, and how much education we provide, the hackers work harder.  Harder to stay one step ahead of you, and us.  They are constantly refining their skills and at some point, they will sneak in.  So what do you do when that time comes?  You should be ready because you have already done your incident response planning.

Incident Response Planning

Incident response planning, along with disaster recovery, should be the main focus of your practice. You don't want to find out you don't have car insurance after your car is stolen. You plan ahead, and purchase the insurance before you need it. I like to view incident response planning as insurance. It's preparing for the worst, along with hoping for the best.

Where to Start

The best way to start is to identify what the threats are. Do a full security assessment. Once the threats are identified, document them in order, from most likely to least likely to affect your practice. At that point, you can document each likelihood, and come up with a plan for if/when it happens. You want to prioritize tasks, and make sure the ones with the most impact are identified first. In the case of a medical practice, it may be your EMR that is most important. If that is the case, your plan will focus on continuing to see patients during a catastrophic event. You want to make sure you have proper backups, and that you know how you will handle getting your systems back up and running. Have a good, solid plan in place.

Who Develops The Plan?

Have your IT staff/company sit down with you and your lead management. You want to make sure everyone is on the same page, and all are willing to participate and take responsibility. Your IT team can drive the plan, but ultimately, it is up to the practice manager and the doctors to make sure the plan is implemented.

If you would like help with your incident response plan or disaster recovery plan, contact Tier3MD.