In 2015, a cyber attack on a U.S. health insurer compromised the information of close to 80 million people.[i] It was one of several attacks that targeted the healthcare industry in 2015, and with even more cyber attacks predicted for 2016,[ii] it is crucial that healthcare entities be prepared to respond to a data breach.
Data breaches in healthcare were once rare, but the switch to electronic health records and the growing use of electronic transmissions by providers have made them increasingly common. Medical records are a more attractive target for hackers: even a partial medical record sold on the black market is worth more than a stolen credit card number. These breaches are often not discovered in a timely manner, which gives the attacker more time to exploit the information in the records.
The average breach goes undetected for roughly 270 days; still, the danger begins the moment a cyber attack starts, not whenever it happens to be discovered.[iii] It is therefore crucial to act quickly once a breach is detected, and having a response plan in place before an attack will expedite that response.
Here are six steps to take once you have learned of a cyber attack:[iv]
- Summon information technology and insurance professionals – Have a technology expert available to begin investigating the breach. Contact your cyber liability insurance carrier as well; policies typically require prompt notice as a condition of coverage.
- Preserve any and all evidence you uncover – As you work out how the breach occurred, do not wipe, rebuild or power down affected systems before logs and forensic images have been captured, and document who handled each piece of evidence and when.
- Begin an investigation – focusing on incident, damage, and cause – Working with your insurance and information technology professionals, determine how the breach occurred, how many people it affected and what can be done to prevent it from happening again.
- Determine what, how, and when to reveal the breach to customers, employees and the public – This is a very important aspect of any cyber attack. Provide as much information as you can: what happened; how it happened; what you will do for the victims; and what you will do to make sure it does not happen again. Gathering this information takes time, but do not wait too long before informing everyone; under the HIPAA Breach Notification Rule, affected individuals must be notified without unreasonable delay and no later than 60 calendar days after the breach is discovered.
- Arrange to offer customers credit monitoring or another protection service – Have this service in place before you contact customers. Use caution before agreeing to pay for it upfront, as some of those affected may not want it.
- Notify law enforcement – Once it is clear that the incident constitutes criminal activity, notify law enforcement, such as the FBI.
To help ensure a seamless initial response, consider building a crisis management team that includes legal, insurance, human resources, information technology, public relations, forensics, consultants and any other resources you deem necessary. Give the team clear accountability for developing and maintaining the response plan. In the event of a breach, this team manages the investigation and response, with roles and responsibilities defined before any attack occurs. With a plan and team already in place, some of the stress surrounding the event and investigation can be alleviated.
If you’d like to know more about the cyber liability policy offered through MagMutual please visit http://www.magmutual.com/cyber-liability or contact Ken Bennett at KBennett@magmutual.com or 404-842-5550.
[i] Mathews, Anna Wilde. Anthem: Hacked Database Included 78.8 Million People. The Wall Street Journal, February 24, 2015. http://www.wsj.com/articles/anthem-hacked-database-included-78-8-million-people-1424807364
[ii] Thies, Brad. 5 steps to protect against hackers. Medical Practice Insider, December 7, 2015. http://www.medicalpracticeinsider.com/news/5-steps-protect-against-hackers?utm_content=22954131&utm_medium=social&utm_source=twitter
[iii] Sullivan, Tom. 7 cyber threats worse than PHI breaches. Healthcare IT News, December 1, 2015. http://www.healthcareitnews.com/news/7-cyber-threats-other-phi-or-pii-breaches?utm_content=22545446&utm_medium=social&utm_source=twitter
[iv] Simpson, Andrew G. Hypothetically, Here's How to Respond to a Data Breach. Insurance Journal, November 13, 2014. http://www.insurancejournal.com/news/national/2014/11/13/347037.htm#.VNUO5zZLTS8.email