Blog March 20, 2014

How to Respond to a Data Breach

Rarely does a day go by without news of yet another data breach. It has become clear that a breach can affect any type of organization, and the consequences can be severe. It is critical that breaches be handled quickly and that organizations comply with all applicable state and federal regulations.

Some things to consider when evaluating a possible data breach are:

1. Confirm that a data breach truly happened.

  • Conduct an investigation, preserving relevant logs and affected systems, to determine whether personal information was actually compromised.
  • Don't hesitate to bring in third-party experts.
  • Conduct the investigation as soon as possible.

2. If a breach did occur, identify the nature, extent, and scope of the breach.

  • When and how did the breach occur?
  • How many parties and records could possibly be affected?
  • Was information compromised that may be subject to HIPAA?

3. Identify the legal obligations triggered by the breach.

  • Did the breach trigger legal obligations under HIPAA, state data security and breach notification laws, or FTC requirements?
  • Did the breach trigger any contractual obligations (for example, to customers, partners, or insurers)?

4. Provide the required notices to all parties involved.

  • Ensure compliance with legal notice requirements (timing, manner, and content).
  • Notify the Board of Directors, shareholders, employees, and auditors, as appropriate.
  • Notify affected individuals and explain how the organization will assist them.
  • Notify law enforcement and state and federal regulators where required.
  • Send out notifications in a timely manner; many notification laws impose fixed deadlines.

5. Resolve the breach and take measures to ensure it doesn't happen again.

  • Take appropriate measures to contain the breach immediately; containment should not wait for the notification analysis to finish.
  • If the incident involved stolen laptops or servers, inform law enforcement.
  • If applicable, offer free credit monitoring and fraud alerts to affected individuals.
  • Dedicate resources to handle inquiries regarding the breach.
  • Update the organization's security procedures to address the root cause.

6. Cooperate with government investigators.

  • Do not hide or withhold any information.
  • Be responsive to requests.
  • Be able to produce documentation of all actions taken by the organization in response to the breach.


To read the full guide or to get more information, feel free to contact our pre-sales engineers at blog@connectria.com.

This article was produced using content created by Milada Goturi of Thompson Coburn’s Health Law Practice Group.
