Cyber Incident Response Plan (CIRP) Development Recording
Video Summary
Patrick Massey, Emergency Preparedness Director at Health Quality Innovators, presents a webinar on developing a Cyber Incident Response Plan (CIRP) for healthcare organizations, assuming a threat actor has already gained network access. He explains that a CIRP is a structured, documented approach for detecting, managing, and recovering from incidents (systemically adverse events like ransomware or data exfiltration), and it should align with other organizational plans such as the Emergency Operations Plan, communications, and continuity of operations.

Key planning considerations include cloud services (incident management remains the organization’s responsibility), managed service providers (MSPs), and cyber insurance (often provides response teams but must be integrated into the plan). He recommends starting with a brief incident response policy to establish governance and authority.

Core plan components include forming a Cyber Incident Response Team (CERT) with technical and support roles, clear reporting structures, and defined responsibilities. The response lifecycle covers detection/data capture, analysis (categorization, correlation, indicators of compromise, forensics, evidence handling, prioritization), incident declaration, containment, eradication, and recovery (restoring from verified clean backups and approving interim solutions affecting patient care). He emphasizes out-of-band communications during incidents and suggests using situation reports and a knowledge database. Q&A addresses reviewing third-party plans, resource constraints in rural facilities, and updating the plan every few years.
Keywords
Cyber Incident Response Plan (CIRP)
healthcare cybersecurity
ransomware response
data exfiltration
Cyber Incident Response Team (CERT)
incident detection and forensics
containment eradication recovery
out-of-band communications
cyber insurance and managed service providers