Partner Breach? Steps to Protect Your Own Organization

The following is a guest blog post by Scott Ruthe, Chief Information Security Officer, and Rick Fitzgerald, Chief Digital Officer, at Ciox.

As recently reported in the Wall Street Journal, cyber attackers are using the fast-paced uncertainty of the coronavirus as the cover under which they launch malware into hospital networks through phishing attacks.

The ever-growing list of hospitals and health systems attacked in 2020 is staggering, and at least one system – The University of California San Francisco – paid hackers a $1.14 million ransom to unlock its medical school computer systems.

An increasing number of our provider customers are under attack, which raises a critical question: what should your organization do if a data-sharing partner is breached?

Based on our experience, we’ve developed a playbook that has five parts:

Create a Connectivity Overview

There is a wide continuum of data access profiles for partners. Some partners in the healthcare space share access to data that would cause significant damage to both organizations if compromised. Other partners just have access to key login information. Others still have data access that goes no further than email attachments volleyed back and forth.

No matter where the breached organization fits on the continuum, every digital connection point between the two teams must be mapped immediately upon learning of a breach.

Eliminate All Network Connectivity

Every connection point on that connectivity overview must be disconnected immediately. An organization should break all connections with the infected partner by blocking all internet connectivity with the partner’s network. This way, infected computer equipment can’t connect to your organization as the infection attempts to spread.

Suspend Accounts

Account logins, application access, and remote access are separate from network connectivity. All of these must also be disabled upon notification of a breach. It’s not enough to suspend network access, as hackers may gain access to login credentials and attempt to access sensitive information remotely.

Get Forensic

With your partner’s breach identified and its access to your organization suspended, the time is right to initiate a forensic review of everything inbound from the partner organization. Review every file received for malware, go through every email and check the inbound activity from every other mechanism of connection. Engage the partner’s security leader to understand the scope, timeline and impact of the breach. Use this information to learn from what happened to them, to reflect and to ensure your own organization remains protected now and in the future.

After the Emergency, Restore the Connection

These actions reflect an emergency procedure. They are temporary steps to ensure the continuity of your business more broadly in the wake of a cyberattack at a partner organization. The faster that your partners are able to eliminate the threat externally, and the faster you are able to ensure that no malware has spread across the two organizations, the sooner operations can be restored.

Often, the entire process takes about three days. Blocking IP addresses and accounts is achievable in a matter of hours. Forensic duties take longer. More often than not, it’s the partner organization that takes the longest, cleansing the entirety of their digital footprint in advance of reestablishing partner connections.
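One way to turn the connectivity overview into the scope for the forensic review is sketched below. This is an added example, not from the original post: it selects inbound partner activity since the breach began and flags partner sources seen on channels the overview does not list. All addresses, account names, log records and the breach start time are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from datetime import datetime

# Constructed connectivity overview for a hypothetical partner (sample data).
OVERVIEW = [
    {"channel": "sftp",   "kind": "network", "value": "203.0.113.0/28"},
    {"channel": "vpn",    "kind": "network", "value": "198.51.100.7/32"},
    {"channel": "portal", "kind": "account", "value": "svc-partner"},
    {"channel": "email",  "kind": "domain",  "value": "partner.example"},
]

# Constructed inbound log records: (timestamp, channel, source, detail).
EVENTS = [
    ("2020-07-01T08:00:00+00:00", "sftp",   "203.0.113.5",             "claims_0701.zip"),
    ("2020-07-03T02:14:00+00:00", "sftp",   "203.0.113.5",             "update.exe"),
    ("2020-07-03T09:30:00+00:00", "email",  "billing@partner.example", "invoice.docm"),
    ("2020-07-03T11:05:00+00:00", "portal", "SVC-Partner",             "login from new device"),
    ("2020-07-04T01:47:00+00:00", "rdp",    "203.0.113.9",             "session opened"),
    ("2020-07-04T06:00:00+00:00", "email",  "news@other.example",      "newsletter"),
]

def matches(entry, source):
    """True if an event source belongs to this connection point."""
    if entry["kind"] == "network":
        try:
            return ipaddress.ip_address(source) in ipaddress.ip_network(entry["value"])
        except ValueError:  # source is not an IP address
            return False
    if entry["kind"] == "domain":
        host = source.rsplit("@", 1)[-1].lower()
        return host == entry["value"] or host.endswith("." + entry["value"])
    return source.lower() == entry["value"].lower()  # account name

def forensic_scope(overview, events, breach_start):
    """Split partner activity since breach_start into mapped channels and overview gaps."""
    start = datetime.fromisoformat(breach_start)
    review, gaps = {}, []
    for ts, channel, source, detail in events:
        hits = [e for e in overview if matches(e, source)]
        if not hits or datetime.fromisoformat(ts) < start:
            continue
        if any(e["channel"] == channel for e in hits):
            review.setdefault(channel, []).append((ts, source, detail))
        else:  # partner source seen on a channel the overview does not list
            gaps.append((ts, channel, source, detail))
    return review, gaps

if __name__ == "__main__":
    print(forensic_scope(OVERVIEW, EVENTS, "2020-07-02T00:00:00+00:00"))
```

An entry in the second list means the connectivity overview was incomplete, so that channel also needs blocking and review.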

The reality is simple: there are parties in the world using COVID-19 as cover for phishing attacks. While they are not necessarily more successful now than in normal times, fear and uncertainty in the marketplace are breeding more frequent attempts to breach security. It’s our job throughout the healthcare IT ecosystem to be prepared to protect our organization and engage our partners for mutual success.

About Ciox
Ciox, a health technology company and proud sponsor of Healthcare IT Today, is dedicated to significantly improving U.S. health outcomes by transforming clinical data into actionable insights. Combined with an unmatched network offering ubiquitous access to healthcare data, Ciox’s expertise, relationships, technology and scale allow for the extraction of insights from structured and unstructured clinical data to create value for healthcare stakeholders. Through its HealthSource technology platform, which includes solutions for data acquisition, release of information, clinical coding, data abstraction, and analytics, Ciox helps clients securely and consistently solve the last mile challenges in clinical interoperability. Ciox improves data management and sharing by modernizing workflows and increasing the accuracy and flow of information, while providing transparency across the healthcare ecosystem and helping clients manage disparate medical records. Learn more at