HSCC Releases Cybersecurity Coordinated Incident Response Template

July 10, 2023 - The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) issued a new publication, entitled “Health Industry Cybersecurity Coordinated Healthcare Incident Response (HIC-CHIRP).”

HIC-CHIRP provides healthcare organizations with a template for navigating a coordinated incident response when faced with disruptive cyber incidents. Specifically, the publication seeks to address healthcare-specific gaps in existing incident response resources.

“Emergency Management planning prepares an organization to handle an array of hazards that could negatively impact patient care, but these plans are generally focused on kinetic rather than digital threats. Business continuity planning and downtime procedures address continuity of care in the absence of critical technology, but these plans tend to be built around general IT outages and cannot fully address the nuanced challenges of a cybersecurity incident outage,” the publication states.

“Healthcare Delivery Organizations have many of the parts and pieces needed to respond to a cybersecurity incident but guidance is missing on how to tie all of these separate components together. This template seeks to serve as the cog that can be installed in the machine to allow all of the components to run together as a Coordinated Healthcare Incident Response Plan.”

Recognizing that all organizations have different risk considerations, the publication does not provide a highly prescriptive set of steps that all healthcare organizations should follow. Instead, organizations can use the template to guide the development of a coordinated incident response plan that is tailored to their specific needs.

The template provides sample content surrounding cybersecurity response, information technology recovery, operations and emergency management, communications, and privacy, legal, and risk management that organizations can customize as they see fit.

In addition, the publication can help organizations identify whether an incident fits the criteria for a large-scale coordinated response and provides a useful template for assigning incident response team roles and responsibilities.

As the template recommends, a thorough incident response plan should include a communications plan, a list of key external contacts, and defined roles and responsibilities within the internal team, in addition to technical considerations.

Organizations can leverage the HIC-CHIRP in tandem with other organizational plans, such as disaster recovery plans, business continuity plans, and downtime procedures. Rather than replacing these plans, the HIC-CHIRP aims to facilitate a coordinated response to respond to a cyber incident that has the potential to impact patient safety.