Information security Part 4 – What to do if there is a fire

What to do if the worst comes to the worst? Read here what to do in the event of an information security incident.

16. September 2024

Rolf Grube

If there’s a fire, you should know where you can get a bucket of water quickly!

Sounds banal? But if you look closely at the sentence, there is a lot of content in it, which we will look at below.

“There is a fire” is an incident that is usually relatively easy to detect. In the right place, the fire can cause a lot of damage to your company, in other places it can cause little or no damage. Depending on how you assess the fire, you tip a glass of water over it, get the fire extinguisher or call the fire department.

Once the fire has been extinguished, the damage is repaired, the walls are repainted and then everything is OK again. Not quite! Of course, you should still consider whether it was a good idea to light a candle in a paper file archive and how to prevent this from happening next time.

But how do you proceed in an emergency?

The requirements for handling information security incidents can be divided into two groups: organizational and procedural measures.

For successful incident handling, your organization must be ready to respond. You should have a crisis team, make sure that all employees know how the reporting chain works and define what the crisis team will deal with and how.

Dealing with an incident involves both internal and external audiences. It should therefore also be determined in advance who may or must speak to whom and how (e.g. with the press), and reporting obligations must be observed (e.g. to the BSI or the police). In our experience, proactive communication is better than trying not to communicate.

In terms of processes, we are entering a cyclical process – something we know very well from our consulting work. A security incident always has a time component, a life cycle. The treatment is based on this life cycle:

  1. Detection and information – A security incident first needs to be noticed, and this requires suitable means: a fire alarm, an alarm system, monitoring mechanisms for your IT infrastructure or similar.
  2. Triage – Decide what impact the incident will have on the business, what resources should be allocated to the response and what “alert level” should be raised.
  3. Containment – The incident is analyzed and, if possible, measures are taken to contain it. The impact on company processes must be taken into account, as well as the risk of the damage spreading. Measures may include, for example, isolating a section of the network, shutting down a server or deactivating user accounts.
  4. Removal – A certain surgical generosity is particularly appropriate in connection with malware, as some species of this genus do not appear as a single program, but in the form of modules with different tasks that are difficult or impossible to remove from a computer. It is therefore better to throw away one too many. The Bundestag hack in 2015 led to an extensive renewal of the infrastructure of the Bundestag network, including the endpoints. Something similar happened at Frankfurt University Hospital in early 2024.
  5. Follow-up – The most important and often unrealized step is the follow-up of the attack with the aim of learning for the future. This time should be taken because it generates valuable information. A good example of the fruits of the process is the MITRE ATT&CK® Framework (https://attack.mitre.org), in which the findings from cyber attacks are systematically processed and documented for the (specialist) public for further use.
  6. End of incident – When everything is done, you may declare the incident over. Done…

…and prepare for the next incident. Did we mention that we love PDCA cycles? They look good on PowerPoint slides.

Until the next and final part: Part 5 – Further building blocks.

Cyber risk check – a new service from Oberender AG

Do you want to know where you stand in terms of information security right now? Great – then let’s do the cyber risk check together. You can find more information here.


Rolf Grube

Digitalization Manager and Certified Information Security Manager

rolf.grube@oberender.com
+49 89 8207516-0