Toolkit for Surviving a Cyber Attack: Before, During & After


Many radiology groups have been affected by ransomware. We don't like to acknowledge it, but it's true. There is no guidebook for this, and by the time you bring in consultants, it may be too late. Ransomware attacks alone have increased in the Health Care Industry by over 135% in the last four months.  The industry is vulnerable, businesses must pay large amounts to recover system operation quickly, and the criminals are taking advantage. This program is geared to executives and management leaders on how to survive a Cyberattack before and after. This multilevel discussion provides radiology leaders a toolkit to get them prepared for what to do now, during, and after an attack. The costs to recover systems, comply and notify the OCR and patients could outweigh the ransomware costs. It's not trivial – don't be caught unprepared. There is no IF but WHEN!  

 

11 a.m.-4:15 p.m. ET
Feb. 23, 2021

The recording of this program will be available soon!

Cybersecurity Workshop Information

11:00 am ET - Welcome and Introduction 

11:05 am ET - Session 1:  Taking Preparatory Steps for a Cyberattack
Presenters: Nanette Reed, Esq., CIPP-US; Chris Salsberry CFCE, EnCE; and Jason R. Sexton
  
Be prepared from the incident response plan to Cyber Insurance. Learn key steps and actions your business must take to be ready for a Cyber Attack by having an Incident Response Plan in place to mitigate the downtime of an attack and saving valuable time in getting your computer systems operational again. Learn the value and importance of having cyber insurance, what is available, how much it cost, and what are the trends going forward. What are the most common types of attacks? Ransomware can be one of the costliest attacks, but email phishing attacks and automated password hacking are more common entries into business systems.  Once inside, the criminal can do what he wants so minimizing the chance of access is crucial to prevent loss.

After the session, you are able to:

  • Take steps to ensure your organization survives a cyber attack 
  • Develop an incident response plan to minimize your operational downtime.
  • Recognizing the value of cyber insurance and the importance of having it on hand.

12:15 pm ET - Break 

12:30 pm ET - Session 2: The Cyber Attack: Best Practices from System Outage through Restoration
Presenters: Nanette Reed, Esq., CIPP-US; and Chris Salsberry CFCE, EnCE

Navigating the attack takes ransom negotiation, forensic expert analysis, and legal protections.  During the session, hear more about the role of a Cyber breach counsel who acts as a producer and brings in the required experts to handle the attack. And, depending on your IT sophistication, a forensic expert can work remotely or oftentimes need to provide techs at your location.  The process to system recovery which includes ransom negotiation, system triage, and analysis of patient zero, exfiltration of data, expectations to return to “normal” are all steps in the forensic expert process. The legal protection, public relations, and reporting requirements including the cyber counsel who controls the evidence for future breach litigation and deals with communications/media and law enforcement reporting with an ongoing strategy for individual breach notifications and OCR/AG reporting. 

After the session, you are able to:

  • Navigate the attack by utilizing cyber experts
  • Recognize the roles of the various experts and effectively work alongside them to get the situation under control.
  • Prepare for the legal and compliance ramifications because of the breach.

1:45 pm ET - Break

2:00 pm ET - Session 3:Legal Obligations and Ongoing Preventative Measures
Presenters: Nanette Reed, Esq., CIPP-US; and Chris Salsberry CFCE, EnCE

This session focuses on compliance and mitigation, dealing with statutory and regulatory notifications, system assessment, and new preventative measures.  Chances are high your business will be a cyber victim, and you must take this opportunity to learn how to prepare and mitigate the potential damage so your business will survive and prosper while handling the impact of the attack. During the session, the presenters will discuss 1)  HIPPA/OCR and State Notifications: using a third-party vendor. Identifying the reporting requirements based on PHI and/or PII exposure, breach notification letters, call-center support, and follow up investigations by AG offices or OCR. 2) New System Protections: End-point monitoring and other solutions. The forensic team will make general recommendations for system security features based on the breach. Although usually not covered under a cyber policy, the forensic team can be retained for a full system security analysis with specific recommendations. 3) Training your employees. The ongoing process of training your employees to prevent criminal access through phishing emails, two-factor authentication, and strong passwords.

After the session, you are able to:

  • Prepare for future attacks through preventive planning
  • Review and apply suggested recommendations from the expert to potentially mitigate or reduce future risks.
  • Develop ongoing education with checks and balances to reduce opportunities for attack.

3:15 pm ET - Break 

3:30 pm ET - Roundtable discussions with the Experts 

4:15 pm ET - Concludes

 

No content found

No content found