It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. The healthcare industry is a prime target, especially given the premium value of health information on the black market. And healthcare entities face not only PHI breach exposures, but also security risks for other forms of protected information, such as PII and, for many, cardholder data.

Healthcare organizations must be prepared to respond to data breaches, but effective response is no small matter. There are 10 different channels of response activity for an organization that has suffered a security breach: Security, Legal, Forensic, Law Enforcement, Regulators, Insurance Coverage, Public Relations, Stakeholders, Notification, and Personnel Management. Most of these activities are involved in every breach, and all must be dealt with in significant breaches. These activities are not sequential. They play out in parallel, with interrelated effects, and with the response clock ticking.

Many organizations have important elements already in place for certain Security activities. Larger organizations may have a Security Operations Center (SOC) within their IT function, and some may use a Security Information and Event Management (SIEM) tool to detect and evaluate network intrusions. Organizations may also have a Computer Security Incident Response Team (CSIRT or CIRT), usually with IT Security leadership, focused on computer security activities for incident response. Though important, these IT Security capabilities are typically neither designed nor adequate to manage the other nine activity channels needed for breach response.

Deciding how to handle all of these interwoven activities in the midst of an actual breach, with no advance planning, is a guarantee for failure. There simply is no substitute for preparation. Effective breach response readiness requires that the organization understand what will be needed in each of the 10 activity channels for its anticipated breach scenarios, and also how these activities will be managed simultaneously to avoid unnecessary risk, delay, and cost.

For more information on the 10 activity channels for data breach response, and how to achieve breach response readiness, click here.

Peter Sloan

Peter advises clients on how best to retain, secure, preserve, and dispose of information. He helps clients throughout the United States create, validate, and update retention schedules; implement compliant information management policies and processes; and defensibly dispose of information. Peter also counsels clients on data security compliance and breach response readiness, and he works with clients to manage data breach response.

Peter has served clients across a broad range of industries, including:

Financial Services (national and state-chartered banks, investment companies, investment advisers, broker-dealers, tax preparation companies, insurance companies, and government-sponsored enterprises)
Health Care (health systems and hospitals, physician practices, pharmacy and pharmacy benefit management companies, pharmaceutical and biotechnology firms, and medical equipment manufacturers)
Energy (power and gas utilities, power transmission companies, oil and gas pipeline companies, and exploration and production companies)
Higher Education
Engineering and Construction
Manufacturing
Retail
Technology
Transportation

Deb Hiser

Deborah focuses her practice on representing physicians, behavioral health providers, hospitals, ambulatory surgery centers and multispecialty clinics in operational and regulatory matters. She successfully guides HIPAA investigations, including breaches involving hundreds of individuals.