Two years ago, health law attorney Daniel Gottlieb would counsel clients to focus data security efforts on human errors that can cause data breaches, such as leaving a laptop on an airplane or in the back of a car.

Now, he talks of two types of cyber criminals—those engaged in collecting Social Security numbers and other health data for common theft, and those engaged in espionage such as economic crimes and backed by nation states. And he talks of having a breach response plan—now.


More than ever, providers, insurers, clearinghouses and business associates—whether or not covered under the HIPAA security rule—need to regularly conduct a comprehensive risk assessment that covers information technology, physical security, policies and procedures and other factors, Gottlieb says.

Even entities that have diligently done the assessments and used findings to make improvements have a continuous battle on their hands, he adds. “The criminals are smart, you solve one problem and two others pop up. It’s like the Whack-a-Mole game.”

Cyber attacks happen all the time, even to organizations implementing a rigorous program. That’s why it is important to have a breach response plan in place now that includes more frequent system backups, contracts with outside counsel, forensic investigators and credit/identity protection services, as well as contacts with local police and the local FBI, Gottlieb says.
