LS&HC Horizons 2022 - Flipbook - Page 26
Hogan Lovells | 2022 Life Sciences and Health Care Horizons
26
Privacy and Cybersecurity
Ransomware attacks are on the rise
According to a recent report, 2021 saw a 755% increase in attacks on
health sector organizations operating within the sector, making them
a board-level threat.
Such incidents can have a systemic impact on technology infrastructure,
resulting in critical systems being unavailable for prolonged periods. In
a health care setting this can directly impact patient safety and create
substantial risks of regulatory action and litigation.
This was recently highlighted by the serious attack on the Irish health
care service (HSE), which resulted in delayed Covid-19 testing,
cancelled appointments and impacted frontline services.
HSE’s post-incident report recommendations illustrate many of the
steps that we commonly recommend organizations take to guard
against and prepare for ransomware attacks, including:
• D
evelop incident response and business continuity plans,
which can provide a reasonably detailed outline of how the
organisation will respond as well as promptly recover impacted
systems, particularly taking into account potential large-scale loss
of functionality across global operations.
• T
est plans through tabletop exercises that help ensure
that plans work in practice, relevant stakeholders across the
organisation understand their roles, and any identified weaknesses
can be addressed in advance.
• U
nderstand technology and cybersecurity risk profile,
including through periodic assessment and corresponding risk
management activities.
• C
onfirm appropriate executive leadership and
corresponding Board oversight such that senior management is
intimately involved in driving ongoing enhancements and overseeing
how the organisation’s cybersecurity standards address increasingly
wide-ranging regulatory requirements across jurisdictions.
Joke Bodewits
Partner, Amsterdam
Paul Otto
Partner, Washington, D.C.
Dan Whitehead
Counsel, London
