In this second installment of our three-part blog series on healthcare data security, we’ll cover ways to Prepare for, Respond to, and Recover from security breaches.


Authored by Brenton McKinney, Vice President of Security

Chances are good that you’ve heard about a major IT security breach affecting either healthcare or another industry in the past weeks. That’s because threats evolve constantly and organizations around the world must strive to keep up.

Having a highly responsive data security plan is essential for health plans, provider organizations and their business associates alike. Being able to rapidly detect threats, deter them and bounce back when breaches occur can mean the difference between business success and failure. In other words, establishing a proactive approach for how your organization Prepares, Responds, and Recovers from security breaches is paramount.

While many organizations tend to focus their security resources on preparing for attacks, that’s only part of the battle. In today’s continually changing and highly sophisticated healthcare landscape, the reality is that sooner or later most organizations will experience an attack. That’s precisely why it’s just as crucial to develop a nimble response and recovery plan.

The faster you can respond and recover from an attack and bring business operations back to normal, the better. Here are 3 steps you can take to reduce your organization’s risk from threats to sensitive data:


It is essential to invest the time to ensure a complete understanding of threats to your environment. Key components involve evaluating the techniques, tactics, and procedures (TTPs) of attackers. In other words, how would they operate against your environment? What are the different profiles of attackers to your environment? Not every organization is targeted by a nation-state caliber attack. Using multiple sources of threat intelligence can put you on a path for success. This effort will help narrow down the detection of attacks, gain insight into your vulnerabilities, and help you decide where to focus your limited resources.


Developing a robust capability to respond to attacks when they occur is essential to building a solid security program. Organizations should ensure they have a well thought-out plan ahead of time to help reduce the time from discovery to recovery. Working through exactly how to coordinate shared responsibilities in highly integrated, multi-vendor, hybrid environments before an attack occurs can make the difference in achieving a rapid recovery and maintaining your customers’ trust and confidence.


The ability and speed at which you can resume customer operations after a disaster is arguably the most important aspect of a security program, and quickly resuming operations builds a resilient organization. Business continuity (BC) and closely related disaster recovery plans (DRP) should begin with a business impact analysis (BIA). The analysis does not have to be expensive nor take an exhaustive amount of time to complete. Many organizations forgo the BIA and begin with a DRP; however, the importance of the BIA cannot be overstated. The BIA should yield results that can be used across the organization to understand which resources are the most important and how the business would operate without them for a period of time. This insight will help drive the priority in which assets are protected and brought back online as part of the DRP.


The inability to identify data threats and recover from them swiftly can irreparably damage the trust of your customers, business partners, and the market. The ultimate goal when it comes to healthcare information security is to achieve a constant state of readiness, combined with the agility to respond and recover quickly to minimize risk and maintain customers’ trust and confidence.

Learn more about healthcare information security in our next installment, where we’ll review what having a HITRUST certified partner means for you.

For an overview of healthcare’s security challenges, take a look at our first blog post in this series.

Subscribe to our blog

Don't forget to share this post!