Do You Have a Breach Response Plan?
More than ever, providers, insurers, clearinghouses and business associates, whether or not covered under the HIPAA security rule, need to regularly conduct a comprehensive risk assessment that covers information technology, physical security, policies and procedures and other factors.
Two years ago, health law attorney Daniel Gottlieb would counsel clients to focus data security efforts on human errors that can cause data breaches, such as leaving a laptop on an airplane or in the back of a car.
Now, he talks of two types of cyber criminals: those engaged in collecting Social Security numbers and other health data for common theft, and those engaged in espionage such as economic crimes and backed by nation states. And he talks of having a breach response plan, now.
More than ever, providers, insurers, clearinghouses and business associates, whether or not covered under the HIPAA security rule, need to regularly conduct a comprehensive risk assessment that covers information technology, physical security, policies and procedures and other factors, Gottlieb says.
Even entities that have diligently done the assessments and used findings to make improvements have a continuous battle on their hands, he adds. "The criminals are smart, you solve one problem and two others pop up. It's like the Whack-a-Mole game."
Cyber attacks happen all the time, even to organizations implementing a rigorous program. That's why it is important to have a breach response plan in place now that includes more frequent system backups, contracts with outside counsel, forensic investigators and credit/identity protection services, as well as contacts with local police and the local FBI, Gottlieb says.