ID Experts is in the business of dealing with privacy breaches. They have a variety of incident response services and tools. Today Jeremy Henley, Director of Breach Services, ID Experts joins us to talk about breach response plans.
A Breach Response Plan is something you will need, not something that you may need.
[7:57] It isn’t a matter of if you will have a breach but when you will have one. The questions you have to answer in your business are:- How much can you limit what they can do when they get in by working your compliance and security plans
- Are you prepared with an effective breach response plan to handle the fallout when it does happen.
The details required in your breach response plan lays out how you handle the long list of things that have to be addressed when the bad things happen.
Breaches happen to all types and sizes of businesses. Since every breach is a unique case there has to be a way to address things in a customized way based on the type and size of the breach while having an overall plan to handle all breach cases no matter the type or size. To build your plan you have to think about things both ways.
It would be really difficult to have a for-profit fire department because you just don’t know when you are going to need them. – Jeremy Henley
Your breach response plan has to account for all kinds of things. The list of services bundled by ID Experts is based on things people actually need them to do after a breach. Using that list can help you check your plan details to make sure you have it all covered, too.
ID Experts Your Response Package of Products
- Forensics
- Notification & Crisis Communications
- Credit Monitoring
- Identity Monitoring
- Health Monitoring
- CyberScan
- ID Theft Insurance and ID Theft Recovery
Your plan needs to address how to deal with breaches of information relating to people who aren’t in your local area. Do you ever see a patient from out of town or one that moves?
[23:20] Does your staff really know what to do if someone puts a microphone in their face asking about the breach you just had to publish in a news release. If you aren’t prepared when these stressful things happen you can lose control quickly. [26:33] Identity theft protection is one thing but what about your medical record information. How do you cancel a medical record? There are all kinds of protections you can offer to patients or at least explain to them as an option. [33:11] Once you do have a plan the entire team involved in breach response needs to be trained. Your plan should also be reviewed and tested on a regular basis. Testing is usually done in a discussion format. Do a tabletop drill where you discuss scenarios and how you will respond. [36:03] Is CyberSecurity Insurance worth it? Yes. Be aware of what you are getting and what is covered – that should also be part of the plan. Use a broker that really understands cybersecurity policies for HIPAA CEs and BAs. [box type=”shadow”]Relevant Information or Mentioned EpisodesEpisode 11: Ponemon 2014 Healthcare Breaches
Episode 12: Breach Response Plans
Episode 22: So you think your covered by cybersecurity insurance. Well….
[/box]
