Healthcare organizations generally recognize the importance of having a response plan in place for ransomware attacks, but the effectiveness of such plans often hinges on detailed preparation, according to Rick Doten, vice president and CISO of health plans at Centene Corp. In a recent interview, Doten emphasized that critical elements of incident preparedness are frequently overlooked until the moment they are most needed.
Key considerations for a robust response plan include having access to cyber insurance, trained incident response teams, and ransomware negotiators. These components should be meticulously planned prior to any incident, as they can significantly minimize recovery time during an attack. Doten frequently collaborates with healthcare clients facing disruptive cyber events and reiterates that advance preparation can vastly influence how organizations manage crises.
A critical yet often neglected aspect of incident response strategies, Doten noted, involves establishing secure off-network communication channels. In the event of a ransomware attack, adversaries gain control over the targeted environment, potentially compromising email communications and internal messaging platforms. This makes it crucial for organizations to have alternative ways to communicate and exchange vital information without risking exposure to the attackers.
Failing to prepare for such contingencies could prolong recovery efforts, because attackers can anticipate organizational responses if operations remain largely dependent on compromised networks. Malicious actors may be monitoring every action taken online, which allows them to disrupt recovery plans effectively.
During the interview at the HealthSec USA 2025 conference in Boston, Doten addressed common pitfalls, including issues related to backup data, strategies for negotiating with ransomware attackers, and the challenge of managing external communications regarding cyber incidents. He underscored the importance of vigilance and well-crafted communication strategies to balance transparency and security when disclosing information about cyber threats.
Doten, who has a background in advising international corporations on cybersecurity matters, has developed security programs and curricula intended to bolster cybersecurity education among corporate leaders. He is also active with various security organizations and serves as a board advisor to multiple startups in the cybersecurity space.
For business owners in the U.S. tech industry, understanding the potential tactics and techniques that adversaries may utilize is vital. According to the MITRE ATT&CK framework, tactics such as initial access, persistence, and privilege escalation are commonplace in such attacks. By familiarizing themselves with these tactics, organizations can better fortify their defenses and enhance their incident response plans.
In light of the ever-evolving threat landscape, it is essential for businesses to remain proactive in their cybersecurity initiatives. This includes regular assessments of incident response capabilities and ensuring that communication strategies are in place to navigate potential crises effectively. The insights from industry experts like Doten can serve as crucial guidance for organizations seeking to bolster their defenses against the growing threat of ransomware and other cyberattacks.