5 Steps Healthcare Organizations Should Take After a Data Security Breach

Healthcare organizations can be absolutely crippled by a data security breach. Here are five steps to take if your organization is affected.

December 11, 2017, by Chris Byers

Healthcare security breaches have been on the rise in recent years. In 2016 alone, more than 27 million patient records were compromised as part of 450 data security breach incidents. And 2017 isn’t looking much better, with several large breaches already logged with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

Data security breaches can be costly—especially if they involve HIPAA violations. Earlier this year, Anthem reached a $115 million settlement for a data breach impacting 78.8 million records—a new record.

HIPAA fines aren’t the only costs associated with healthcare security breaches. When a breach occurs, organizations must work through a series of time-consuming (and often expensive) actions to mitigate the situation. Here are five steps your healthcare organization should take to ensure a timely and appropriate response in the event of a data security breach:

#1: Identify vulnerabilities

The first step is to identify the root cause of the problem and isolate the affected systems so that the breach is stopped. This may involve performing a risk analysis to determine the nature and scope of the security breach, as well as its origin.

There are several questions you’ll need to answer:

  • Who is responsible for the breach? Internal personnel? External hackers?
  • When did the breach occur?
  • How did the breach occur? Were servers or systems hacked? Did an employee unlawfully access information?
  • Was any ePHI compromised?

#2: Seek professional legal and security counsel

Seek assistance from legal and security professionals. The legal team can review your notification plan and help you draft documentation and communications related to the breach. They can also provide advice on how to handle people affected by the data leak and help prepare you for the potential of liability lawsuits. For instance, they may advise you to offer credit card monitoring to all victims for a period of time after the breach.

The security team can do a deep dive into any identified security flaws. Then, they can help you fix network issues and ensure all systems have returned to a secure state.

#3: Notify appropriate parties

The HIPAA Breach Notification Rule requires all healthcare organizations that experience an ePHI security breach to adhere to a strict breach notification process. In short, covered entities (and their business associates) must notify all affected individuals and the Secretary of HHS. In addition, facilities are required to notify prominent media outlets in their area if more than 500 individuals may have been affected by the breach.

Notifications must be provided in a timely manner—within 60 days of the security breach discovery. If an organization doesn’t self-report a breach, it is considered willful neglect. If the unreported breach is discovered during a HIPAA audit, the organization could face a minimum fine of $10,000 per violation.

Health organizations should also be aware of any state data breach notification laws that may come into play after a breach.

#4: Address risks

While immediate threats should be addressed as soon as a data security breach is discovered, other outstanding issues may still need to be remedied after the breach is stopped and appropriate individuals are notified. You should conduct a thorough security audit to identify additional risks and work to implement safeguards to help protect your systems against future attacks.

Some remediation actions to consider include:

  • Restoring data from clean backups
  • Reformatting hacked devices
  • Updating all accounts with new, secure passwords

#5: Manage resulting consequences

Healthcare security breaches can have long-lasting consequences. As mentioned previously, HIPAA violations often lead to costly fines from the OCR. Depending on the circumstances surrounding the breach, criminal penalties (such as jail time) might also be handed down. Additionally, you’ll have your work cut out for you with regaining patient trust and restoring your reputation. However, if you can smoothly manage the fallout by following these five steps, you’ll be on your way to repairing relationships and rebuilding trust in your organization.

Chris Byers is the CEO of Formstack, an Indianapolis-based company offering an online form and data-collection platform. Prior to Formstack, Byers co-founded an international nonprofit that was built via remote relationships among partners in Europe, Africa, and the United States.