SlideShare ist ein Scribd-Unternehmen logo

Breach Response Matters: Effectively Handling Health Care Cyber Security Incidents

Polsinelli PC
Polsinelli PC

Thursday, August 3, 2017

Gesundheitswesen
1 von 24
Downloaden Sie, um offline zu lesen
Breach Response Matters: Effectively Handling Health Care Cyber Security Incidents
Speaker Introductions  Rebecca Frigy Romine, Shareholder, HIPAA|Health Information Privacy and Security, Polsinelli  Montez Fitzpatrick, Director of Information Security and Compliance, Keystone Technologies  J. Monte Shields, Manager, Agency Marketing, The Keane Insurance Group, Inc. 2
Agenda  Recent cyber security attacks and threats  Placing your organization in the best position to prevent and respond to an attack  An attack has happened, now what? Health care organization legal obligations and mitigation approaches  Effectively working with your cyber liability insurance carrier and law enforcement 3
Recent Cyber Security Attacks, Threats, and Trends  2017 Cyber Healthcare & Life Sciences Survey found that 47 percent of providers and health plans had a security-related HIPAA violation or a cybersecurity attack that impacted data.  Increase of 10% from 2015  Office for Civil Rights data regarding Breaches involving 500+ individuals  Ransomware – WannaCry  Phishing and Social Engineering  Other Attacks 4
Preparing for a Cybersecurity Attack It’s not a matter of IF an attack will occur, but rather WHEN… Steps to take to help address the WHEN:  Implementing an effective compliance program  Information assurance and information system architecture  Obtaining adequate cyberliability coverage 5
Key Security-Related Aspects of an Effective Compliance Program  View the HIPAA Security Rule only as a baseline and policy framework requirement – Risk Analysis and Risk Management Plans – Encryption and password management – “Addressable” does not mean “Optional”  Ensuring internal/external expertise is readily available  Effective workforce training and monitoring  Effective incident response procedures 6
Incident Handling Preparation  Value of Information Assurance 7
Value of Information Assurance Triple Funnel INTELLIGENCE RISK BUSINESS CONTINUITY 8
Value of Information Assurance Triple Funnel INTELLIGENCE RISK BUSINESS CONTINUITY Ø actualize assign realize 9
Value of Information Assurance Triple Funnel INTELLIGENCE actualize What assets do we have; What are they worth? Who are our adversaries; What are their capabilities? Ø 10
Value of Information Assurance Triple Funnel RISK assign Analysis Management Assessment 11
Value of Information Assurance Risk Assessment 12
Value of Information Assurance Triple Funnel BUSINESS CONTINUITY realize Operations 13
Value of Information Assurance BUSINESS CONTINUITY Operations EMERGENCY MODE OPERATIONS DISASTER RESPONSE INCIDENT HANDLING BUSINESS CONTINUITY BUSINESS CONTINUITY 14
Phases of Incident Management  PREPARATION  IDENTIFICATION  CONTAINMENT  ERADICATION  RECOVERY  LESSONS LEARNED 15
Incident Handling Preparation When you have an incident. . . . . . Will you be ready? 16
Incident Handling Preparation  Assign Roles and Responsibilities  Assert Information needed to Construct Event  Define Relationships with Third Parties  Train your Team 17
Cyberliability Coverage  Risk Management Solutions – Eliminate Risk • For some risks this is impossible – Minimize/Reduce Risk • Risk Analysis – make adjustments/corrections • HIPAA Compliance • Train Staff – security, notification, response – Transfer Risk – Insurance • Purchase a separate policy 18
Cyberliability Coverage  Types of coverage  Medical malpractice policies have limited coverage for Cyber Liability – Covers only named insured – Limited liability limits – Limited coverage  Most GL policies and BOPs exclude Cyber Liability or have limited coverage – Needs to be added by a rider or endorsement – Limited coverage – No coverage for regulatory violations 19
Cyberliability Coverage  Purchase Stand Alone Coverage – Make sure the policy includes: • $1,000,000 limit • Data loss • Data breaches • Regulatory violation coverage – HIPAA, HITECH, RAC, etc. • Notification expenses, credit monitoring, forensics, PR • Business interruption • Multimedia coverage for slander, libel, copyright, false ads • Read the exclusions  Reporting and working with your insurance carrier 20
Effectively Responding to an Attack  Time is of the Essence – Immediate Isolation – Notification Timeframes (including insurance carrier)  Engaging Outside Assistance – Security forensic experts – Legal counsel – Law Enforcement  Returning to Business As Usual 21
Legal Obligations Following an Attack  HIPAA Breach Risk Assessment and Notification Obligations – Must consider whether PHI was unavailable, not just whether it was impermissibly accessed, used, or disclosed.  State Law Notification Requirements  Addressing Weaknesses and Vulnerabilities  Preparing for a Potential Investigation 22
Key Takeaways  Too small to be a target is a myth.  Preparation does not equate to Prevention, but is the most important mitigation step.  All individuals at your organization are responsible and need to be involved.  Time is always of the essence.  Human error cannot be 100% prevented, but awareness goes a long way. 23
Polsinelli provides this material for informational purposes only. The material provided herein is general and is not intended to be legal advice. Nothing herein should be relied upon or used without consulting a lawyer to consider your specific circumstances, possible changes to applicable laws, rules and regulations and other legal issues. Receipt of this material does not establish an attorney-client relationship. Polsinelli is very proud of the results we obtain for our clients, but you should know that past results do not guarantee future results; that every case is different and must be judged on its own merits; and that the choice of a lawyer is an important decision and should not be based solely upon advertisements. © 2017 Polsinelli PC. In California, Polsinelli LLP. Polsinelli is a registered mark of Polsinelli PC 24

Empfohlen

Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecLaura Tibbo
 
What Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in CybersecurityWhat Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in CybersecurityReading Works Detroit
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Accounting_Whitepapers
 
Security Awareness: The Best Defence
Security Awareness: The Best DefenceSecurity Awareness: The Best Defence
Security Awareness: The Best DefenceShawn Brown
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsDavid X Martin
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinDavid X Martin
 
Cyber risk-overview-wtw (1)
Cyber risk-overview-wtw (1)Cyber risk-overview-wtw (1)
Cyber risk-overview-wtw (1)Alex Yates
 

Empfohlen

Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecLaura Tibbo
 
What Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in CybersecurityWhat Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in CybersecurityReading Works Detroit
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Accounting_Whitepapers
 
Security Awareness: The Best Defence
Security Awareness: The Best DefenceSecurity Awareness: The Best Defence
Security Awareness: The Best DefenceShawn Brown
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsDavid X Martin
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinDavid X Martin
 
Cyber risk-overview-wtw (1)
Cyber risk-overview-wtw (1)Cyber risk-overview-wtw (1)
Cyber risk-overview-wtw (1)Alex Yates
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementWilliam McBorrough
 
Privacy, Security + Risk: Case Studies + Best Practices for Your Company
Privacy, Security + Risk: Case Studies + Best Practices for Your CompanyPrivacy, Security + Risk: Case Studies + Best Practices for Your Company
Privacy, Security + Risk: Case Studies + Best Practices for Your CompanyKegler Brown Hill + Ritter
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk ManagementNikhil Soni
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic ManagementMarcelo Martins
 
Security Leaders: Manage the Forest, Not the Trees
Security Leaders: Manage the Forest, Not the TreesSecurity Leaders: Manage the Forest, Not the Trees
Security Leaders: Manage the Forest, Not the TreesAdam Stone
 
Linked in misti_rs_1.0
Linked in misti_rs_1.0Linked in misti_rs_1.0
Linked in misti_rs_1.0Vincent Toms
 
Technology leadership driving business innovation
Technology leadership driving business innovationTechnology leadership driving business innovation
Technology leadership driving business innovationJoAnna Cheshire
 
Brochure - About Rook
Brochure - About RookBrochure - About Rook
Brochure - About RookJulie Brown, CPMM
 
Information Technology Vendor Risk Management
Information Technology Vendor Risk ManagementInformation Technology Vendor Risk Management
Information Technology Vendor Risk ManagementDeepak Bansal, CPA CISSP
 
Viyya Ssms Overview 2009
Viyya Ssms Overview 2009Viyya Ssms Overview 2009
Viyya Ssms Overview 2009guestee358
 
Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Resolver Inc.
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
MP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatMP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatKatherine Johnston, CFE
 
Organizational Integrity & Its Relationship with Management Systems and Enter...
Organizational Integrity & Its Relationship with Management Systems and Enter...Organizational Integrity & Its Relationship with Management Systems and Enter...
Organizational Integrity & Its Relationship with Management Systems and Enter...PECB
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Hewlett Packard Enterprise Business Value Exchange
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Managementvikasraina
 
Creating a security culture 4
Creating a security culture 4Creating a security culture 4
Creating a security culture 4Robin Patras
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
Risk Management Methodology - Copy
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - CopyRabah Odeh ITIL 5.0-OCP-CISA-PMP-OCP..etc
 
BEA Presentation
BEA PresentationBEA Presentation
BEA PresentationGlenn E. Davis
 
ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureCraig McGill
 

Weitere ähnliche Inhalte

Was ist angesagt?

MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementWilliam McBorrough
 
Privacy, Security + Risk: Case Studies + Best Practices for Your Company
Privacy, Security + Risk: Case Studies + Best Practices for Your CompanyPrivacy, Security + Risk: Case Studies + Best Practices for Your Company
Privacy, Security + Risk: Case Studies + Best Practices for Your CompanyKegler Brown Hill + Ritter
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk ManagementNikhil Soni
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic ManagementMarcelo Martins
 
Security Leaders: Manage the Forest, Not the Trees
Security Leaders: Manage the Forest, Not the TreesSecurity Leaders: Manage the Forest, Not the Trees
Security Leaders: Manage the Forest, Not the TreesAdam Stone
 
Linked in misti_rs_1.0
Linked in misti_rs_1.0Linked in misti_rs_1.0
Linked in misti_rs_1.0Vincent Toms
 
Technology leadership driving business innovation
Technology leadership driving business innovationTechnology leadership driving business innovation
Technology leadership driving business innovationJoAnna Cheshire
 
Information Technology Vendor Risk Management
Information Technology Vendor Risk ManagementInformation Technology Vendor Risk Management
Information Technology Vendor Risk ManagementDeepak Bansal, CPA CISSP
 
Viyya Ssms Overview 2009
Viyya Ssms Overview 2009Viyya Ssms Overview 2009
Viyya Ssms Overview 2009guestee358
 
Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Resolver Inc.
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
Organizational Integrity & Its Relationship with Management Systems and Enter...
Organizational Integrity & Its Relationship with Management Systems and Enter...Organizational Integrity & Its Relationship with Management Systems and Enter...
Organizational Integrity & Its Relationship with Management Systems and Enter...PECB
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Managementvikasraina
 
Creating a security culture 4
Creating a security culture 4Creating a security culture 4
Creating a security culture 4Robin Patras
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 

Was ist angesagt? (20)

MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
 
Privacy, Security + Risk: Case Studies + Best Practices for Your Company
Privacy, Security + Risk: Case Studies + Best Practices for Your CompanyPrivacy, Security + Risk: Case Studies + Best Practices for Your Company
Privacy, Security + Risk: Case Studies + Best Practices for Your Company
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic Management
 
Security Leaders: Manage the Forest, Not the Trees
Security Leaders: Manage the Forest, Not the TreesSecurity Leaders: Manage the Forest, Not the Trees
Security Leaders: Manage the Forest, Not the Trees
 
Linked in misti_rs_1.0
Linked in misti_rs_1.0Linked in misti_rs_1.0
Linked in misti_rs_1.0
 
Technology leadership driving business innovation
Technology leadership driving business innovationTechnology leadership driving business innovation
Technology leadership driving business innovation
 
Brochure - About Rook
Brochure - About RookBrochure - About Rook
Brochure - About Rook
 
Information Technology Vendor Risk Management
Information Technology Vendor Risk ManagementInformation Technology Vendor Risk Management
Information Technology Vendor Risk Management
 
Viyya Ssms Overview 2009
Viyya Ssms Overview 2009Viyya Ssms Overview 2009
Viyya Ssms Overview 2009
 
Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
MP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatMP_OneSheet_VulnThreat
MP_OneSheet_VulnThreat
 
Organizational Integrity & Its Relationship with Management Systems and Enter...
Organizational Integrity & Its Relationship with Management Systems and Enter...Organizational Integrity & Its Relationship with Management Systems and Enter...
Organizational Integrity & Its Relationship with Management Systems and Enter...
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Management
 
Creating a security culture 4
Creating a security culture 4Creating a security culture 4
Creating a security culture 4
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial Institutions
 
Risk Management Methodology - Copy
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - Copy
 

Ähnlich wie Breach Response Matters: Effectively Handling Health Care Cyber Security Incidents

ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureCraig McGill
 
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...Dana Gardner
 
Brunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Group
 
Incident ResponseAs a security professional, you will.docx
Incident ResponseAs a security professional, you will.docx Incident ResponseAs a security professional, you will.docx
Incident ResponseAs a security professional, you will.docxMARRY7
 
Information security – risk identification is all
Information security – risk identification is allInformation security – risk identification is all
Information security – risk identification is allPECB
 
Cybersecurity Risk Management Tools and Techniques (1).pptx
Cybersecurity Risk Management Tools and Techniques (1).pptxCybersecurity Risk Management Tools and Techniques (1).pptx
Cybersecurity Risk Management Tools and Techniques (1).pptxClintonKelvin
 
The Science and Art of Cyber Incident Response (with Case Studies)
The Science and Art of Cyber Incident Response (with Case Studies)The Science and Art of Cyber Incident Response (with Case Studies)
The Science and Art of Cyber Incident Response (with Case Studies)Kroll
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
Cyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningCyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningPECB
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Richard Brzakala
 
EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...ssuser2d55aa
 
Aon's Underrated Threats Report
Aon's Underrated Threats ReportAon's Underrated Threats Report
Aon's Underrated Threats ReportGraeme Cross
 
Treat Cyber Like a Disease
Treat Cyber Like a DiseaseTreat Cyber Like a Disease
Treat Cyber Like a DiseaseSurfWatch Labs
 
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter All Courses LinkedinCorporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter All Courses LinkedinSteve Phelps
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013EY
 
You will be breached
You will be breachedYou will be breached
You will be breachedMike Saunders
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 

Ähnlich wie Breach Response Matters: Effectively Handling Health Care Cyber Security Incidents (20)

BEA Presentation
BEA PresentationBEA Presentation
BEA Presentation
 
ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security culture
 
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
 
Brunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attack
 
Incident ResponseAs a security professional, you will.docx
Incident ResponseAs a security professional, you will.docx Incident ResponseAs a security professional, you will.docx
Incident ResponseAs a security professional, you will.docx
 
Information security – risk identification is all
Information security – risk identification is allInformation security – risk identification is all
Information security – risk identification is all
 
Cybersecurity Risk Management Tools and Techniques (1).pptx
Cybersecurity Risk Management Tools and Techniques (1).pptxCybersecurity Risk Management Tools and Techniques (1).pptx
Cybersecurity Risk Management Tools and Techniques (1).pptx
 
The Science and Art of Cyber Incident Response (with Case Studies)
The Science and Art of Cyber Incident Response (with Case Studies)The Science and Art of Cyber Incident Response (with Case Studies)
The Science and Art of Cyber Incident Response (with Case Studies)
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
Cyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planningCyber security incidents implications in business continuity planning
Cyber security incidents implications in business continuity planning
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
 
EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
 
Aon's Underrated Threats Report
Aon's Underrated Threats ReportAon's Underrated Threats Report
Aon's Underrated Threats Report
 
Executive Breach Response Playbook
Executive Breach Response PlaybookExecutive Breach Response Playbook
Executive Breach Response Playbook
 
Treat Cyber Like a Disease
Treat Cyber Like a DiseaseTreat Cyber Like a Disease
Treat Cyber Like a Disease
 
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter All Courses LinkedinCorporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013
 
You will be breached
You will be breachedYou will be breached
You will be breached
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 

Mehr von Polsinelli PC

Tax Cuts & Job Act Implications for Small Business Investments Companies
Tax Cuts & Job Act Implications for Small Business Investments Companies Tax Cuts & Job Act Implications for Small Business Investments Companies
Tax Cuts & Job Act Implications for Small Business Investments Companies Polsinelli PC
 
Preventing Compliance Quagmires in Senior Living Communities: Part 1 - Can So...
Preventing Compliance Quagmires in Senior Living Communities: Part 1 - Can So...Preventing Compliance Quagmires in Senior Living Communities: Part 1 - Can So...
Preventing Compliance Quagmires in Senior Living Communities: Part 1 - Can So...Polsinelli PC
 
Life After Escobar – Recent Developments In False Claims Act Litigation
Life After Escobar – Recent Developments In False Claims Act LitigationLife After Escobar – Recent Developments In False Claims Act Litigation
Life After Escobar – Recent Developments In False Claims Act LitigationPolsinelli PC
 
The Emerald Series: Emily's Road to the Ideal Workplace Get to Work (Off the ...
The Emerald Series: Emily's Road to the Ideal Workplace Get to Work (Off the ...The Emerald Series: Emily's Road to the Ideal Workplace Get to Work (Off the ...
The Emerald Series: Emily's Road to the Ideal Workplace Get to Work (Off the ...Polsinelli PC
 
Big Decisions: ACO Participation Reforming and Unwinding in 2019
Big Decisions: ACO Participation Reforming and Unwinding in 2019Big Decisions: ACO Participation Reforming and Unwinding in 2019
Big Decisions: ACO Participation Reforming and Unwinding in 2019Polsinelli PC
 
Tax Cuts & Jobs Act Implications for Banking Institutions
Tax Cuts & Jobs Act Implications for Banking Institutions Tax Cuts & Jobs Act Implications for Banking Institutions
Tax Cuts & Jobs Act Implications for Banking Institutions Polsinelli PC
 
340B Drug Pricing Under the Microscope
340B Drug Pricing Under the Microscope340B Drug Pricing Under the Microscope
340B Drug Pricing Under the MicroscopePolsinelli PC
 
The Intersection of OCR Enforcement and Health Care Data Privacy & Security
The Intersection of OCR Enforcement and Health Care Data Privacy & SecurityThe Intersection of OCR Enforcement and Health Care Data Privacy & Security
The Intersection of OCR Enforcement and Health Care Data Privacy & SecurityPolsinelli PC
 
The Emerald Series: It's (not) in the Handbook
The Emerald Series: It's (not) in the HandbookThe Emerald Series: It's (not) in the Handbook
The Emerald Series: It's (not) in the HandbookPolsinelli PC
 
Health Care "Prime" - The Future of the Ownership, Organization, Payment, and...
Health Care "Prime" - The Future of the Ownership, Organization, Payment, and...Health Care "Prime" - The Future of the Ownership, Organization, Payment, and...
Health Care "Prime" - The Future of the Ownership, Organization, Payment, and...Polsinelli PC
 
The Trump Labor Board Goes Back to the Future
The Trump Labor Board Goes Back to the FutureThe Trump Labor Board Goes Back to the Future
The Trump Labor Board Goes Back to the FuturePolsinelli PC
 
Fraud and Abuse - 2017 Year in Review
Fraud and Abuse - 2017 Year in ReviewFraud and Abuse - 2017 Year in Review
Fraud and Abuse - 2017 Year in ReviewPolsinelli PC
 
Health Care Policy Forecast: What to Expect in 2018
Health Care Policy Forecast: What to Expect in 2018Health Care Policy Forecast: What to Expect in 2018
Health Care Policy Forecast: What to Expect in 2018Polsinelli PC
 
Lessons learned from litigating real estate development projects
Lessons learned from litigating real estate development projectsLessons learned from litigating real estate development projects
Lessons learned from litigating real estate development projectsPolsinelli PC
 
Blockchain in Health Care
Blockchain in Health CareBlockchain in Health Care
Blockchain in Health CarePolsinelli PC
 
Mitigating Risk When Managing High Dose, Chronic Pain Patients
Mitigating Risk When Managing High Dose, Chronic Pain Patients Mitigating Risk When Managing High Dose, Chronic Pain Patients
Mitigating Risk When Managing High Dose, Chronic Pain Patients Polsinelli PC
 
The Feds Are Coming! Session One: The Rules Have Changed
The Feds Are Coming! Session One: The Rules Have ChangedThe Feds Are Coming! Session One: The Rules Have Changed
The Feds Are Coming! Session One: The Rules Have ChangedPolsinelli PC
 
Diamond Datascram Decimated
Diamond Datascram DecimatedDiamond Datascram Decimated
Diamond Datascram DecimatedPolsinelli PC
 
Artificial Intelligence and Machine Learning
Artificial Intelligence and Machine LearningArtificial Intelligence and Machine Learning
Artificial Intelligence and Machine LearningPolsinelli PC
 
Class Actions Close-Up
Class Actions Close-UpClass Actions Close-Up
Class Actions Close-UpPolsinelli PC
 

Mehr von Polsinelli PC (20)

Tax Cuts & Job Act Implications for Small Business Investments Companies
Tax Cuts & Job Act Implications for Small Business Investments Companies Tax Cuts & Job Act Implications for Small Business Investments Companies
Tax Cuts & Job Act Implications for Small Business Investments Companies
 
Preventing Compliance Quagmires in Senior Living Communities: Part 1 - Can So...
Preventing Compliance Quagmires in Senior Living Communities: Part 1 - Can So...Preventing Compliance Quagmires in Senior Living Communities: Part 1 - Can So...
Preventing Compliance Quagmires in Senior Living Communities: Part 1 - Can So...
 
Life After Escobar – Recent Developments In False Claims Act Litigation
Life After Escobar – Recent Developments In False Claims Act LitigationLife After Escobar – Recent Developments In False Claims Act Litigation
Life After Escobar – Recent Developments In False Claims Act Litigation
 
The Emerald Series: Emily's Road to the Ideal Workplace Get to Work (Off the ...
The Emerald Series: Emily's Road to the Ideal Workplace Get to Work (Off the ...The Emerald Series: Emily's Road to the Ideal Workplace Get to Work (Off the ...
The Emerald Series: Emily's Road to the Ideal Workplace Get to Work (Off the ...
 
Big Decisions: ACO Participation Reforming and Unwinding in 2019
Big Decisions: ACO Participation Reforming and Unwinding in 2019Big Decisions: ACO Participation Reforming and Unwinding in 2019
Big Decisions: ACO Participation Reforming and Unwinding in 2019
 
Tax Cuts & Jobs Act Implications for Banking Institutions
Tax Cuts & Jobs Act Implications for Banking Institutions Tax Cuts & Jobs Act Implications for Banking Institutions
Tax Cuts & Jobs Act Implications for Banking Institutions
 
340B Drug Pricing Under the Microscope
340B Drug Pricing Under the Microscope340B Drug Pricing Under the Microscope
340B Drug Pricing Under the Microscope
 
The Intersection of OCR Enforcement and Health Care Data Privacy & Security
The Intersection of OCR Enforcement and Health Care Data Privacy & SecurityThe Intersection of OCR Enforcement and Health Care Data Privacy & Security
The Intersection of OCR Enforcement and Health Care Data Privacy & Security
 
The Emerald Series: It's (not) in the Handbook
The Emerald Series: It's (not) in the HandbookThe Emerald Series: It's (not) in the Handbook
The Emerald Series: It's (not) in the Handbook
 
Health Care "Prime" - The Future of the Ownership, Organization, Payment, and...
Health Care "Prime" - The Future of the Ownership, Organization, Payment, and...Health Care "Prime" - The Future of the Ownership, Organization, Payment, and...
Health Care "Prime" - The Future of the Ownership, Organization, Payment, and...
 
The Trump Labor Board Goes Back to the Future
The Trump Labor Board Goes Back to the FutureThe Trump Labor Board Goes Back to the Future
The Trump Labor Board Goes Back to the Future
 
Fraud and Abuse - 2017 Year in Review
Fraud and Abuse - 2017 Year in ReviewFraud and Abuse - 2017 Year in Review
Fraud and Abuse - 2017 Year in Review
 
Health Care Policy Forecast: What to Expect in 2018
Health Care Policy Forecast: What to Expect in 2018Health Care Policy Forecast: What to Expect in 2018
Health Care Policy Forecast: What to Expect in 2018
 
Lessons learned from litigating real estate development projects
Lessons learned from litigating real estate development projectsLessons learned from litigating real estate development projects
Lessons learned from litigating real estate development projects
 
Blockchain in Health Care
Blockchain in Health CareBlockchain in Health Care
Blockchain in Health Care
 
Mitigating Risk When Managing High Dose, Chronic Pain Patients
Mitigating Risk When Managing High Dose, Chronic Pain Patients Mitigating Risk When Managing High Dose, Chronic Pain Patients
Mitigating Risk When Managing High Dose, Chronic Pain Patients
 
The Feds Are Coming! Session One: The Rules Have Changed
The Feds Are Coming! Session One: The Rules Have ChangedThe Feds Are Coming! Session One: The Rules Have Changed
The Feds Are Coming! Session One: The Rules Have Changed
 
Diamond Datascram Decimated
Diamond Datascram DecimatedDiamond Datascram Decimated
Diamond Datascram Decimated
 
Artificial Intelligence and Machine Learning
Artificial Intelligence and Machine LearningArtificial Intelligence and Machine Learning
Artificial Intelligence and Machine Learning
 
Class Actions Close-Up
Class Actions Close-UpClass Actions Close-Up
Class Actions Close-Up
 

Kürzlich hochgeladen

Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.ktanvi103
 
❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...
❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...
❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...Gfnyt.com
 
Hot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In Chandigarh
Hot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In ChandigarhHot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In Chandigarh
Hot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In ChandigarhVip call girls In Chandigarh
 
Hot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In Ludhiana
Hot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In LudhianaHot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In Ludhiana
Hot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In LudhianaRussian Call Girls in Ludhiana
 
VIP Call Girl Sector 32 Noida Just Book Me 9711199171
VIP Call Girl Sector 32 Noida Just Book Me 9711199171VIP Call Girl Sector 32 Noida Just Book Me 9711199171
VIP Call Girl Sector 32 Noida Just Book Me 9711199171Call Girls Service Gurgaon
 
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...Call Girls Noida
 
Krishnagiri call girls Tamil aunty 7877702510
Krishnagiri call girls Tamil aunty 7877702510Krishnagiri call girls Tamil aunty 7877702510
Krishnagiri call girls Tamil aunty 7877702510Vipesco
 
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋Sheetaleventcompany
 
Call Girl Raipur 📲 9999965857 ヅ10k NiGhT Call Girls In Raipur
Call Girl Raipur 📲 9999965857 ヅ10k NiGhT Call Girls In RaipurCall Girl Raipur 📲 9999965857 ヅ10k NiGhT Call Girls In Raipur
Call Girl Raipur 📲 9999965857 ヅ10k NiGhT Call Girls In Raipurgragmanisha42
 
Call Girls Service Chandigarh Gori WhatsApp ❤7710465962 VIP Call Girls Chandi...
Call Girls Service Chandigarh Gori WhatsApp ❤7710465962 VIP Call Girls Chandi...Call Girls Service Chandigarh Gori WhatsApp ❤7710465962 VIP Call Girls Chandi...
Call Girls Service Chandigarh Gori WhatsApp ❤7710465962 VIP Call Girls Chandi...Niamh verma
 
Call Girls In ludhiana For Fun 9053900678 By ludhiana Call Girls For Pick...
Call Girls In ludhiana For Fun 9053900678 By ludhiana Call Girls For Pick...Call Girls In ludhiana For Fun 9053900678 By ludhiana Call Girls For Pick...
Call Girls In ludhiana For Fun 9053900678 By ludhiana Call Girls For Pick...Russian Call Girls in Ludhiana
 
Dehradun Call Girls Service 08854095900 Real Russian Girls Looking Models
Dehradun Call Girls Service 08854095900 Real Russian Girls Looking ModelsDehradun Call Girls Service 08854095900 Real Russian Girls Looking Models
Dehradun Call Girls Service 08854095900 Real Russian Girls Looking Modelsindiancallgirl4rent
 
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetOzhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetCall Girls Service
 
Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...
Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...
Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...Sheetaleventcompany
 
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...Gfnyt
 
Call Girls Amritsar 💯Call Us 🔝 8725944379 🔝 💃 Independent Escort Service Amri...
Call Girls Amritsar 💯Call Us 🔝 8725944379 🔝 💃 Independent Escort Service Amri...Call Girls Amritsar 💯Call Us 🔝 8725944379 🔝 💃 Independent Escort Service Amri...
Call Girls Amritsar 💯Call Us 🔝 8725944379 🔝 💃 Independent Escort Service Amri...Niamh verma
 
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...gurkirankumar98700
 
VIP Kolkata Call Girl New Town 👉 8250192130 Available With Room
VIP Kolkata Call Girl New Town 👉 8250192130 Available With RoomVIP Kolkata Call Girl New Town 👉 8250192130 Available With Room
VIP Kolkata Call Girl New Town 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls Chandigarh 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
Call Girls Chandigarh 👙 7001035870 👙 Genuine WhatsApp Number for Real MeetCall Girls Chandigarh 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
Call Girls Chandigarh 👙 7001035870 👙 Genuine WhatsApp Number for Real Meetpriyashah722354
 
Dehradun Call Girls Service ❤️🍑 8854095900 👄🫦Independent Escort Service Dehradun
Dehradun Call Girls Service ❤️🍑 8854095900 👄🫦Independent Escort Service DehradunDehradun Call Girls Service ❤️🍑 8854095900 👄🫦Independent Escort Service Dehradun
Dehradun Call Girls Service ❤️🍑 8854095900 👄🫦Independent Escort Service DehradunNiamh verma
 

Kürzlich hochgeladen (20)

Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
 
❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...
❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...
❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...
 
Hot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In Chandigarh
Hot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In ChandigarhHot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In Chandigarh
Hot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In Chandigarh
 
Hot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In Ludhiana
Hot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In LudhianaHot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In Ludhiana
Hot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In Ludhiana
 
VIP Call Girl Sector 32 Noida Just Book Me 9711199171
VIP Call Girl Sector 32 Noida Just Book Me 9711199171VIP Call Girl Sector 32 Noida Just Book Me 9711199171
VIP Call Girl Sector 32 Noida Just Book Me 9711199171
 
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
 
Krishnagiri call girls Tamil aunty 7877702510
Krishnagiri call girls Tamil aunty 7877702510Krishnagiri call girls Tamil aunty 7877702510
Krishnagiri call girls Tamil aunty 7877702510
 
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋
 
Call Girl Raipur 📲 9999965857 ヅ10k NiGhT Call Girls In Raipur
Call Girl Raipur 📲 9999965857 ヅ10k NiGhT Call Girls In RaipurCall Girl Raipur 📲 9999965857 ヅ10k NiGhT Call Girls In Raipur
Call Girl Raipur 📲 9999965857 ヅ10k NiGhT Call Girls In Raipur
 
Call Girls Service Chandigarh Gori WhatsApp ❤7710465962 VIP Call Girls Chandi...
Call Girls Service Chandigarh Gori WhatsApp ❤7710465962 VIP Call Girls Chandi...Call Girls Service Chandigarh Gori WhatsApp ❤7710465962 VIP Call Girls Chandi...
Call Girls Service Chandigarh Gori WhatsApp ❤7710465962 VIP Call Girls Chandi...
 
Call Girls In ludhiana For Fun 9053900678 By ludhiana Call Girls For Pick...
Call Girls In ludhiana For Fun 9053900678 By ludhiana Call Girls For Pick...Call Girls In ludhiana For Fun 9053900678 By ludhiana Call Girls For Pick...
Call Girls In ludhiana For Fun 9053900678 By ludhiana Call Girls For Pick...
 
Dehradun Call Girls Service 08854095900 Real Russian Girls Looking Models
Dehradun Call Girls Service 08854095900 Real Russian Girls Looking ModelsDehradun Call Girls Service 08854095900 Real Russian Girls Looking Models
Dehradun Call Girls Service 08854095900 Real Russian Girls Looking Models
 
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetOzhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...
Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...
Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...
 
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...
 
Call Girls Amritsar 💯Call Us 🔝 8725944379 🔝 💃 Independent Escort Service Amri...
Call Girls Amritsar 💯Call Us 🔝 8725944379 🔝 💃 Independent Escort Service Amri...Call Girls Amritsar 💯Call Us 🔝 8725944379 🔝 💃 Independent Escort Service Amri...
Call Girls Amritsar 💯Call Us 🔝 8725944379 🔝 💃 Independent Escort Service Amri...
 
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...
 
VIP Kolkata Call Girl New Town 👉 8250192130 Available With Room
VIP Kolkata Call Girl New Town 👉 8250192130 Available With RoomVIP Kolkata Call Girl New Town 👉 8250192130 Available With Room
VIP Kolkata Call Girl New Town 👉 8250192130 Available With Room
 
Call Girls Chandigarh 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
Call Girls Chandigarh 👙 7001035870 👙 Genuine WhatsApp Number for Real MeetCall Girls Chandigarh 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
Call Girls Chandigarh 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
 
Dehradun Call Girls Service ❤️🍑 8854095900 👄🫦Independent Escort Service Dehradun
Dehradun Call Girls Service ❤️🍑 8854095900 👄🫦Independent Escort Service DehradunDehradun Call Girls Service ❤️🍑 8854095900 👄🫦Independent Escort Service Dehradun
Dehradun Call Girls Service ❤️🍑 8854095900 👄🫦Independent Escort Service Dehradun
 

Breach Response Matters: Effectively Handling Health Care Cyber Security Incidents

  • 1. Breach Response Matters: Effectively Handling Health Care Cyber Security Incidents
  • 2. Speaker Introductions  Rebecca Frigy Romine, Shareholder, HIPAA|Health Information Privacy and Security, Polsinelli  Montez Fitzpatrick, Director of Information Security and Compliance, Keystone Technologies  J. Monte Shields, Manager, Agency Marketing, The Keane Insurance Group, Inc. 2
  • 3. Agenda  Recent cyber security attacks and threats  Placing your organization in the best position to prevent and respond to an attack  An attack has happened, now what? Health care organization legal obligations and mitigation approaches  Effectively working with your cyber liability insurance carrier and law enforcement 3
  • 4. Recent Cyber Security Attacks, Threats, and Trends  2017 Cyber Healthcare & Life Sciences Survey found that 47 percent of providers and health plans had a security-related HIPAA violation or a cybersecurity attack that impacted data.  Increase of 10% from 2015  Office for Civil Rights data regarding Breaches involving 500+ individuals  Ransomware – WannaCry  Phishing and Social Engineering  Other Attacks 4
  • 5. Preparing for a Cybersecurity Attack It’s not a matter of IF an attack will occur, but rather WHEN… Steps to take to help address the WHEN:  Implementing an effective compliance program  Information assurance and information system architecture  Obtaining adequate cyberliability coverage 5
  • 6. Key Security-Related Aspects of an Effective Compliance Program  View the HIPAA Security Rule only as a baseline and policy framework requirement – Risk Analysis and Risk Management Plans – Encryption and password management – “Addressable” does not mean “Optional”  Ensuring internal/external expertise is readily available  Effective workforce training and monitoring  Effective incident response procedures 6
  • 7. Incident Handling Preparation  Value of Information Assurance 7
  • 8. Value of Information Assurance Triple Funnel INTELLIGENCE RISK BUSINESS CONTINUITY 8
  • 9. Value of Information Assurance Triple Funnel INTELLIGENCE RISK BUSINESS CONTINUITY Ø actualize assign realize 9
  • 10. Value of Information Assurance Triple Funnel INTELLIGENCE actualize What assets do we have; What are they worth? Who are our adversaries; What are their capabilities? Ø 10
  • 11. Value of Information Assurance Triple Funnel RISK assign Analysis Management Assessment 11
  • 12. Value of Information Assurance Risk Assessment 12
  • 13. Value of Information Assurance Triple Funnel BUSINESS CONTINUITY realize Operations 13
  • 14. Value of Information Assurance BUSINESS CONTINUITY Operations EMERGENCY MODE OPERATIONS DISASTER RESPONSE INCIDENT HANDLING BUSINESS CONTINUITY BUSINESS CONTINUITY 14
  • 15. Phases of Incident Management  PREPARATION  IDENTIFICATION  CONTAINMENT  ERADICATION  RECOVERY  LESSONS LEARNED 15
  • 16. Incident Handling Preparation When you have an incident. . . . . . Will you be ready? 16
  • 17. Incident Handling Preparation  Assign Roles and Responsibilities  Assert Information needed to Construct Event  Define Relationships with Third Parties  Train your Team 17
  • 18. Cyberliability Coverage  Risk Management Solutions – Eliminate Risk • For some risks this is impossible – Minimize/Reduce Risk • Risk Analysis – make adjustments/corrections • HIPAA Compliance • Train Staff – security, notification, response – Transfer Risk – Insurance • Purchase a separate policy 18
  • 19. Cyberliability Coverage  Types of coverage  Medical malpractice policies have limited coverage for Cyber Liability – Covers only named insured – Limited liability limits – Limited coverage  Most GL policies and BOPs exclude Cyber Liability or have limited coverage – Needs to be added by a rider or endorsement – Limited coverage – No coverage for regulatory violations 19
  • 20. Cyberliability Coverage  Purchase Stand Alone Coverage – Make sure the policy includes: • $1,000,000 limit • Data loss • Data breaches • Regulatory violation coverage – HIPAA, HITECH, RAC, etc. • Notification expenses, credit monitoring, forensics, PR • Business interruption • Multimedia coverage for slander, libel, copyright, false ads • Read the exclusions  Reporting and working with your insurance carrier 20
  • 21. Effectively Responding to an Attack  Time is of the Essence – Immediate Isolation – Notification Timeframes (including insurance carrier)  Engaging Outside Assistance – Security forensic experts – Legal counsel – Law Enforcement  Returning to Business As Usual 21
  • 22. Legal Obligations Following an Attack  HIPAA Breach Risk Assessment and Notification Obligations – Must consider whether PHI was unavailable, not just whether it was impermissibly accessed, used, or disclosed.  State Law Notification Requirements  Addressing Weaknesses and Vulnerabilities  Preparing for a Potential Investigation 22
  • 23. Key Takeaways  Too small to be a target is a myth.  Preparation does not equate to Prevention, but is the most important mitigation step.  All individuals at your organization are responsible and need to be involved.  Time is always of the essence.  Human error cannot be 100% prevented, but awareness goes a long way. 23
  • 24. Polsinelli provides this material for informational purposes only. The material provided herein is general and is not intended to be legal advice. Nothing herein should be relied upon or used without consulting a lawyer to consider your specific circumstances, possible changes to applicable laws, rules and regulations and other legal issues. Receipt of this material does not establish an attorney-client relationship. Polsinelli is very proud of the results we obtain for our clients, but you should know that past results do not guarantee future results; that every case is different and must be judged on its own merits; and that the choice of a lawyer is an important decision and should not be based solely upon advertisements. © 2017 Polsinelli PC. In California, Polsinelli LLP. Polsinelli is a registered mark of Polsinelli PC 24