Blog March 20, 2014

How to Respond to a Data Breach

Rarely does a day go by without news of yet another data breach. It has become clear that a data breach can affect any type of organization, and the results can be detrimental. It is essential that breaches are handled quickly and that organizations comply with all state and federal regulations.

Some things to consider when evaluating a possible data breach are:

1. Confirm a data breach truly happened.

  • Conduct an investigation to determine whether personal information was truly compromised.
  • Don’t hesitate to bring in third party experts.
  • Conduct the investigation as soon as possible.

2. If a breach did occur, identify the nature, extent, and scope of the breach.

  • When and how did the breach occur?
  • How many parties and records could possibly be affected?
  • Was information compromised that may be subject to HIPAA?

3. Identify legal obligations triggered by the breach.

  • Did the breach trigger legal obligations under HIPAA, the state’s data security laws, or FTC requirements?
  • Did the breach trigger any contractual obligations?

4. Provide required notices to all parties involved.

  • Ensure compliance with legal notice requirements (timing, manner and content).
  • Notify the Board of Directors, shareholders, employees, and auditors if appropriate.
  • Notify affected individuals and identify how the organization will assist them.
  • Notify law enforcement authorities and State and Federal regulators if necessary.
  • Send out notifications in a timely manner.

5. Resolve the breach and take measures to ensure it doesn’t happen again.

  • Take appropriate measures to immediately contain the breach.
  • If the incident involved stolen laptops or servers, inform law enforcement.
  • If applicable, offer free credit monitoring and fraud alerts to affected individuals.
  • Dedicate resources to address any inquiries regarding the breach.
  • Update the organization’s security procedures.

6. Cooperate with government investigators.

  • Do not hide or withhold any information.
  • Be responsive to requests.
  • Be able to show documentation of all actions taken by the organization in response to the breach.


To read the full guide or to get more information, feel free to contact our pre-sales engineers at blog@connectria.com.

This article was produced using content created by Milada Goturi of Thompson Coburn’s Health Law Practice Group.
