
There is no doubt that the U.S. is in an unprecedented time right now. As of early March 2020, the federal government in the United States has taken the unheard-of action of having every single hospital and healthcare facility in the nation put itself into emergency mode. While hospitals have done a lot of other things on a local, state, and federal level, this is the action that is critically important to the IT and information security teams that work at these organizations. This means that not just a few, but every single healthcare facility across the nation has activated emergency procedures and incident response to prepare for or deal with the expected influx of patients and shortages of staff. Even if there wasn’t an influx of patients, just the closing of the schools and remote staffing will mean shortages of people power that will be even worse than the already precarious spot most of healthcare IT and information security was in before this coronavirus crisis.

When any organization has an incident, it typically enacts its incident response processes and procedures and runs them until the incident has ended. Then the organization can move on to recovery and eventually back to normal business operations. In my decade plus in the industry, I have seen countless incidents occur that led to incident response procedures being put in place. In virtually every single one of these incidents I have seen or participated in, the actual incident part of the ordeal was over in two to four weeks in the vast majority of cases. According to an IBM study, detection is far slower than response; when we are focused on other matters, that may be even longer. Well, hospitals were told to enact emergency procedures several weeks ago, and even if there were no state and local “shelter-in-place” orders in place and the federal government decided to release the lockdown, the hospitals would still be in lockdown for weeks or even months until they are back to normal operations.

What Can We Learn from Previously Executing Incident Response Plans?

Most incident response actions take far longer than a month; according to Varonis, the average time to contain a breach is up to 103 days, and it is highly likely the coronavirus crisis could last well beyond that. Consider that in most emergency procedures, documentation, logging, and testing are often put off until things get back to normal. Those are just a few of the things that get backlogged while in incident response. Consider non-urgent helpdesk tickets that have piled up. Think about the new systems that were supposed to be deployed or stood up. Think of all the patches and vulnerabilities that have not even been identified, let alone remediated, during the incident response period.

These are just a handful of the things that are often backlogged when an organization moves into recovery procedures. This is where I reiterate that most incidents are over in a much shorter time than this. When those shorter incidents end, the organization often finds itself with enough backlog to fill months or at least weeks. That is from an average incident; if current optimistic predictions for the duration of this crisis hold, we are in for a minimum of one month, if not six or more months, of this. How many years of backlog would we be buried under if we let all this stuff sit on the back burner? I, for one, would rather not end up in that situation.

Incident Response Guidance

How can we possibly avoid this?

Those are just a few of the things we all need to be thinking about during the coronavirus crisis. The world is suddenly a vastly different place for healthcare, security, and everyone, and unless we start thinking differently, we cannot hope to ever recover from this catastrophe from an information security perspective. However, during this crisis, we cannot afford to put off security practices. Many hospitals are in lockdown but awaiting the influx, or there may be “waves” of infected between which there will be time to work on “non-urgent” things like logging, patching, and vulnerability scans.

Additional Resources