Data Breach: It Can Happen to You
Chris Reese • Vice President, Director of Underwriting
Melvin Osswald • Vice President, Program Underwriting
An educational program presented by the
Cooperative of American Physicians, Inc.
The information in this presentation should not be
considered legal advice applicable to a specific situation.
Legal guidance for individual matters should be obtained
from a retained attorney.
A Data Breach Is Not A Disaster. Mishandling It Is.
Introduction: Complexity of Cyber Threats Has Grown Dramatically
• US businesses face increasingly sophisticated threats that outstrip traditional defenses
• Economics of cybersecurity favor the attackers
• Reputational harm is significant
• Competing pressures within organizations
  • Deploy IT resources to mitigate risk as well as to advance the required business technologies to service customers and compete
Economic Motivation
An estimated 95% of attacks are economically motivated, attempting to steal data such as:
• Corporate trade secrets
• Personal information (name, address, SSN, banking information)
• Health insurance information
• Medical history information
• Employee records
Advanced Persistent Threats – “High End Attacks”
• Ultra-sophisticated teams of cyber criminals
• Deploy increasingly targeted malware in multi-staged stealth attacks
• Goal – penetrate all of the perimeter defense systems
• Intruders look at multiple avenues to exploit all layers of security vulnerabilities until they reach their goal
• Cybersecurity field consensus – criminals are ahead of the corporations that need to defend themselves
Vulnerability Is Not Limited to External Threats – “Low End Attacks”
• Employees – poorly trained, not following required protocols, disgruntled
• Subcontractors and independent contractors
• “BYOD” – bring your own device
• Any party that the company connects to electronically creates a vulnerability – vendor and partner management
Question
• Has your facility or group experienced a cyber breach?
In the News
In 2013 and 2014, the Identity Theft Resource Center (ITRC) documented nearly 1,400 data breaches in the US, including:
• Target – 110,000,000 records compromised
• Anthem – 78,800,000 records compromised (source: USA Today, April 14, 2015)
• Home Depot – 56,000,000 records compromised
• IRS – 1,400,000 records compromised
• J.P. Morgan Chase – 1,000,000 records compromised
• Saint Joseph Health System – 405,000 records compromised
• University of Maryland – 309,079 records compromised
In the News (cont.)
• Touchstone Medical Imaging (TN) – 307,528 records compromised
• Sutherland Healthcare Solutions – 168,500 records compromised
• Orthopaedic Specialty Institute (AL) – Iron Mountain – 49,714 records compromised
• Indiana University – 146,000 records compromised
• Office of Nisar Quraishi (NY) – 20,000 records compromised
• Office of Dennis Flynn, M.D. (IL) – 13,646 records compromised
What Is a Breach?
• A breach is defined as an event in which an individual’s name plus Social Security number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is potentially put at risk.
• Paper or electronic records
• Potential security threats
  • Compromise the integrity, security or confidentiality of information
  • Circumstances where a data breach may have happened or could happen in the future (e.g. a lost flash drive with PII)
Number of Breaches Is on the Rise
The Identity Theft Resource Center (ITRC) documented 783 U.S. data breaches in 2014, representing a 27.5% increase over the number of breaches reported in 2013.*
• 42.5% of the breaches were in the medical/healthcare industries.
• Hacking incidents represented the leading cause of data breach incidents, accounting for 29% of the breaches tracked by the ITRC.
• This was followed, for the second year in a row, by breaches involving a subcontractor/third party at 15.1%.
* http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html
Question
• Are data breaches more likely to be caused by a hacker or by malware/virus penetrating the cyber defense?
  • Hacker
  • Malware/virus
Claims – Source of Exposed Data (source: NetDiligence report 2014)
Percentage of records exposed by cause of loss:
• Hacker – 74%
• Malware/virus – 23%
• Theft of hardware and all other causes – percentage not shown on the slide
MISSION: CRITICAL
Highly valuable information to cyber criminals
Regulatory Climate
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Variety of state laws
Why Are Healthcare Providers a Target?
Privacy exposures: Personally Identifiable Information (PII) and Protected Health Information (PHI)
• Medical records (electronic and paper)
• Billing information (credit cards, addresses, bank information, etc.)
• Insurance information
• Social Security numbers
• Employee information
• Corporate/financial information
Sources of Exposure
• Negligence and carelessness
• Lost or stolen laptops and other portable devices
• Improper disposal of records
• Lack of system protections
• Increased use of electronic databases
• Outsourcing of services
• Rogue employees
Costs of a Data Breach
Our results show that the cost to respond to a data breach is usually between $10 and $30 per record for breach response services that include some legal expenses, patient notification letters, call center support, and credit monitoring services. (Keep in mind this number is an average. Costs can exceed $30 a record in some cases. IT costs, legal fees, and government fines are additional.)
A Simplified View of a Data Breach
The slide diagrams the breach lifecycle as four phases, in order:
• Discovery of a data breach
• Evaluation of the data breach
• Managing the short-term crisis
• Handling the long-term consequences
Elements shown in the diagram: forensic investigation and legal review; notification and credit monitoring; class-action lawsuits; regulatory fines, penalties, and consumer redress; public relations; reputational damage; income loss.
Cyber Liability Coverage Claims Example (source: HHS.gov, December 2013)
Clinic Hit with $150,000 HIPAA Penalty: Breach Investigation Triggers Resolution Agreement
• A federal investigation of a relatively small breach has resulted in a financial penalty for a physician group practice in Massachusetts. The HHS Office for Civil Rights (OCR) opened an investigation of APDerm upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one of its staff members. The thumb drive was never recovered.
• The investigation revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and to train workforce members.
• In addition to the $150,000 HIPAA penalty, the settlement includes a corrective action plan requiring APDerm to develop a risk analysis/risk management plan to address and mitigate any security risks and vulnerabilities, as well as to provide an implementation report to OCR.
• The Department of Health and Human Services' Office for Civil Rights announced a resolution agreement with Adult & Pediatric Dermatology, PC of Concord, Mass. on Dec. 26, 2013.
Cyber Liability Coverage Claims Example (source: NAS Claims Department)
Hospital Notifies Six Years’ Worth of Patients After Breach
• A stolen, unencrypted laptop computer has caused Gibson General Hospital in Princeton, Ind., to notify all 29,000 patients treated during the past six years of a breach of their protected health information.
• The password-protected laptop was among the items stolen during a burglary of an employee's home on Nov. 27, 2012, according to the hospital. Some employees are permitted to bring home laptops; the employee required 24-hour access to the electronic health records system, according to the hospital.
• The laptop has not been found and the hospital cannot determine which patients had information on it, so it is notifying all patients since January 2007, when the EHR was implemented. The clinical records contain names, addresses, Social Security numbers and treatment details, among other information. There is no indication the data has been accessed, according to a notice to patients.
• Gibson General Hospital is offering affected patients one year of free credit monitoring and identity theft protection services.
Breaches in the News
$50 Million Class Action Lawsuit Against Long Island Health System
Twelve people have filed a $50 million class-action lawsuit against Long Island Health System and North Shore University Hospital, where thieves stole physical paper records called “face sheets” plus encrypted digital files that contained patient information such as insurance numbers, Social Security numbers, dates of birth, addresses and medical histories. (Source: Modern Healthcare, Feb. 2013)
Breaches in the News
$400,000 Penalty in HIPAA Case
Idaho State University has agreed to pay $400,000 as part of a resolution agreement stemming from an incident it reported in August 2011 that potentially could have exposed information on 17,500 patients at the university’s Pocatello Family Medicine Clinic. Patient information was vulnerable for at least 10 months because a firewall protecting a server was disabled, according to the Department of Health and Human Services’ Office for Civil Rights. (Source: Government Information Security, May 2013)
Breaches in the News
Three Laptops Stolen from New York Podiatry Office, 6,475 at Risk
Nearly 6,500 patients of Sims and Associates Podiatry may have had personal information compromised after three laptops containing the patient data were stolen from the New York office. The types of personal information at risk included names, addresses, Social Security numbers, phone numbers, genders, ages, and personal health and insurance information (also visit dates, vascular testing information, weights and prescribed orthotics, x-ray dates and imaging…). A notification was posted on the Sims and Associates Podiatry website. (Source: Sims and Associates Podiatry, Important Security and Protection Notification, April 2014)
Question
When evaluating your business’ exposure to a potential data breach, you need to consider:
• Type of information stored
• System protections, including encryption
• Employee access and education
• Business associate agreements
• In-house resources for the breach response plan/team
• Cyber Liability Insurance coverage
• All of the above

• Type of information stored
• System protections, including encryption
• Employee access and education
• Business associate agreements
• Breach response plan/team
• Cyber Liability Insurance
Risk Assessment – Four Basic Security Controls
• Restricting user installation of applications (“whitelisting”)
• Ensuring that the operating system is patched with current updates
• Ensuring software applications have current updates
• Restricting administrative privileges
Coverage Summary
CyberRisk Insurance – comprehensive data security and privacy insurance
• Crisis Management Expenses and Breach Response: retain legal, forensic and public relations experts
• Customer Notification Expenses and Customer Support Expenses: mandated by federal and state laws
• Security & Privacy Liability: defense and settlement for lawsuits from third parties
• Privacy Regulatory Defense and Penalties: regulatory protection
• Cyber Terrorism: loss of income due to an attack on the network by terrorists
• Cyber Extortion: extortion expenses and monies
• Multimedia Liability: defense and settlement for lawsuits from third parties for copyright or trademark infringement, libel or slander, or plagiarism for online and offline media
• Network Asset Protection: loss of income and reimbursement for costs to replace data
Consider the Costs
• Cost to consult with an experienced attorney – can range from $5,000 to $50,000 depending on the scope and complexity of the breach.
• IT forensics – an IT forensic investigation can cost from $5,000 to $100,000+ depending on the circumstances.
• Patient notification – plan on $1–3 per record depending on quantity.
• Patient call center support – usually between $5,000 and $20,000, depending on the circumstances.
• Credit monitoring – $10–30 per individual who signs up for the service.
• Public relations expenses – costs vary widely depending on the service provided and on the size and scope of the breach.
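Worked estimate that applies the dollar ranges from the "Costs of a Data Breach" and "Consider the Costs" slides to one breach size. This is an added example, not material from the presentation; the record count, the credit-monitoring sign-up rate and every function name are assumptions made for illustration.

```python
"""Itemized breach-cost estimate built from the ranges the two cost slides quote.

Added example, not part of the presentation. The ranges are the slides' own;
the record count and the credit-monitoring sign-up rate are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

Range = Tuple[int, int]  # (low, high) in US dollars

# Flat (per-incident) ranges as quoted on the "Consider the Costs" slide.
ATTORNEY: Range = (5_000, 50_000)        # scope and complexity dependent
IT_FORENSICS: Range = (5_000, 100_000)   # slide gives "$100,000 +" on the high end
CALL_CENTER: Range = (5_000, 20_000)

# Per-unit ranges as quoted on the same slide.
NOTIFICATION_PER_RECORD: Range = (1, 3)
CREDIT_MONITORING_PER_ENROLLEE: Range = (10, 30)  # only for individuals who sign up

# Rule of thumb from the "Costs of a Data Breach" slide: $10-$30 per record
# for breach response services (notification, call center, credit monitoring,
# some legal expenses); forensics, legal fees and fines are additional.
RULE_OF_THUMB_PER_RECORD: Range = (10, 30)
RESPONSE_SERVICE_ITEMS = ("notification", "call_center", "credit_monitoring")


@dataclass
class Estimate:
    records: int
    enrollees: int
    items: Dict[str, Range]

    def total(self) -> Range:
        """Low and high totals across every line item."""
        return (sum(lo for lo, _ in self.items.values()),
                sum(hi for _, hi in self.items.values()))

    def response_services(self) -> Range:
        """Subtotal of the items the $10-$30 per record figure is meant to cover."""
        picked = [self.items[k] for k in RESPONSE_SERVICE_ITEMS]
        return (sum(lo for lo, _ in picked), sum(hi for _, hi in picked))


def estimate(records: int, signup_rate: float) -> Estimate:
    """Itemized low/high estimate for a breach affecting `records` individuals.

    `signup_rate` is the assumed fraction of notified individuals who enroll in
    credit monitoring; the slides give no figure for it, so it is an input.
    """
    if records <= 0 or not 0.0 <= signup_rate <= 1.0:
        raise ValueError("records must be positive and signup_rate within [0, 1]")
    enrollees = round(records * signup_rate)
    items: Dict[str, Range] = {
        "attorney": ATTORNEY,
        "it_forensics": IT_FORENSICS,
        "notification": (NOTIFICATION_PER_RECORD[0] * records,
                         NOTIFICATION_PER_RECORD[1] * records),
        "call_center": CALL_CENTER,
        "credit_monitoring": (CREDIT_MONITORING_PER_ENROLLEE[0] * enrollees,
                              CREDIT_MONITORING_PER_ENROLLEE[1] * enrollees),
    }
    return Estimate(records, enrollees, items)


def per_record(est: Estimate, subtotal: Range) -> Tuple[float, float]:
    """Convert a (low, high) dollar subtotal into dollars per affected record."""
    lo, hi = subtotal
    return (round(lo / est.records, 2), round(hi / est.records, 2))


def compare_to_rule_of_thumb(est: Estimate) -> str:
    """Where the itemized response-services cost per record sits relative to the
    $10-$30 band: 'below', 'within', 'above' or 'overlaps'."""
    lo, hi = per_record(est, est.response_services())
    band_lo, band_hi = RULE_OF_THUMB_PER_RECORD
    if hi < band_lo:
        return "below"
    if lo > band_hi:
        return "above"
    if lo >= band_lo and hi <= band_hi:
        return "within"
    return "overlaps"


if __name__ == "__main__":
    # Constructed scenario: a 29,000-patient breach (the size quoted earlier in
    # the deck for Gibson General Hospital) with an assumed 20% enrollment.
    est = estimate(29_000, signup_rate=0.20)
    for name, (lo, hi) in est.items.items():
        print(f"{name:18s} ${lo:>9,} - ${hi:>9,}")
    print("total             ", est.total())
    print("per record (total)", per_record(est, est.total()))
    print("vs $10-$30 rule   ", compare_to_rule_of_thumb(est))
```

Running it at 20% and again at 100% enrollment shows how much of the per-record figure is driven by the credit-monitoring sign-up rate, which is why the slide calls its $10-$30 number an average.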
Question
Which of the following are important risk management steps?
• Assign one person to be ultimately responsible for privacy and data security
• Have a plan to address data security incidents
• Determine where PHI or PII is stored
• Conduct a risk assessment
• Control vendors and business partners
• Continuous workforce training
• Annual update on company policy regarding privacy and compliance
• All of the above
Cyber Liability Risk Management Website
• Compliance materials by state
• Templates are provided to help insureds implement policies and procedures
• Summary of state-specific law for security breach notification
• Templates of Business Associate Agreement, Vendor Agreement, etc.
Compliance Basics – 8 Point Compliance Checklist and Procedures
Assign ultimate privacy and data security responsibility to one person
• Accountability
• Focus
Prepare for data security incidents
• Backup plan if the network goes down
• Restoration plan
• Notification to CAP
Determine where personal information is stored
• Network
• Backup tapes
• Cloud
• Downloaded onto portable devices/laptops
• Paper files (what is at your house?)
• Who has remote access? Downloaded files?
Conduct a risk assessment
• Identify areas of greatest vulnerability and address these first
• Encryption for portable devices
• HIPAA compliance training
• Patch management
Mitigate against identified risks
Control your vendors and business partners
• Look at contracts for indemnification
• Control access; password management
Implement a continuous workforce training and awareness program
• Training – at least annually, including all staff
Review and update company policy – at least annually
Reduce Risk – Utilize the Risk Management Website
• Risk assessment tools
• Risk management tips and best practices
• Reduce risk easily – simple steps to do now
• Be prepared – steps to take now
• Policies – download
Manage Breach – Responding to an Incident
• Immediate response – mitigate the potential damage to patients by acting quickly
• Breach notification requirements – must comply with both federal and state law
• Report data breach – the insurance policy includes coverage to retain counsel to advise on the proper response
Summary
• Proactive steps – critical to minimize and prevent breaches
• Encryption
• Utilize the resources that CAP includes for all insured members
• Training – both a proactive and a defensive measure
• Report data breach – insurance coverage includes immediate breach response management
Thank You
Chris Reese
Vice President, Director of Underwriting
Melvin Osswald
Vice President, Program Underwriting
www.nasinsurance.com

 
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdf
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdfSARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdf
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdfDolisha Warbi
 
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...delhimodelshub1
 
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...narwatsonia7
 
Hi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbers
Hi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbersHi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbers
Hi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbersnarwatsonia7
 
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...delhimodelshub1
 
Pregnancy and Breastfeeding Dental Considerations.pptx
Pregnancy and Breastfeeding Dental Considerations.pptxPregnancy and Breastfeeding Dental Considerations.pptx
Pregnancy and Breastfeeding Dental Considerations.pptxcrosalofton
 
Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...satishsharma69855
 
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Booking
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment BookingModels Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Booking
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Bookingnarwatsonia7
 
Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort Service
Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort ServiceCall Girls Hsr Layout Whatsapp 7001305949 Independent Escort Service
Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort Servicenarwatsonia7
 
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...vrvipin164
 
Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949ps5894268
 
Russian Escorts Delhi | 9711199171 | all area service available
Russian Escorts Delhi | 9711199171 | all area service availableRussian Escorts Delhi | 9711199171 | all area service available
Russian Escorts Delhi | 9711199171 | all area service availablesandeepkumar69420
 
Call Girls Dwarka 9999965857 Cheap & Best with original Photos
Call Girls Dwarka 9999965857 Cheap & Best with original PhotosCall Girls Dwarka 9999965857 Cheap & Best with original Photos
Call Girls Dwarka 9999965857 Cheap & Best with original Photosparshadkalavatidevi7
 
Call Girls Gurgaon Vani 9999965857 Independent Escort Service Gurgaon
Call Girls Gurgaon Vani 9999965857 Independent Escort Service GurgaonCall Girls Gurgaon Vani 9999965857 Independent Escort Service Gurgaon
Call Girls Gurgaon Vani 9999965857 Independent Escort Service Gurgaonnitachopra
 
Call Girls Service Bommasandra - Call 7001305949 Rs-3500 with A/C Room Cash o...
Call Girls Service Bommasandra - Call 7001305949 Rs-3500 with A/C Room Cash o...Call Girls Service Bommasandra - Call 7001305949 Rs-3500 with A/C Room Cash o...
Call Girls Service Bommasandra - Call 7001305949 Rs-3500 with A/C Room Cash o...narwatsonia7
 
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Service
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts ServiceCall Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Service
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Servicenarwatsonia7
 
2025 Inpatient Prospective Payment System (IPPS) Proposed Rule
2025 Inpatient Prospective Payment System (IPPS) Proposed Rule2025 Inpatient Prospective Payment System (IPPS) Proposed Rule
2025 Inpatient Prospective Payment System (IPPS) Proposed RuleShelby Lewis
 
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...ggsonu500
 

Recently uploaded (20)

FAMILY in sociology for physiotherapists.pptx
FAMILY in sociology for physiotherapists.pptxFAMILY in sociology for physiotherapists.pptx
FAMILY in sociology for physiotherapists.pptx
 
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdf
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdfSARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdf
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdf
 
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
 
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...
 
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...
 
Hi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbers
Hi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbersHi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbers
Hi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbers
 
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
 
Pregnancy and Breastfeeding Dental Considerations.pptx
Pregnancy and Breastfeeding Dental Considerations.pptxPregnancy and Breastfeeding Dental Considerations.pptx
Pregnancy and Breastfeeding Dental Considerations.pptx
 
Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...
 
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Booking
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment BookingModels Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Booking
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Booking
 
Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort Service
Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort ServiceCall Girls Hsr Layout Whatsapp 7001305949 Independent Escort Service
Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort Service
 
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
 
Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949
 
Russian Escorts Delhi | 9711199171 | all area service available
Russian Escorts Delhi | 9711199171 | all area service availableRussian Escorts Delhi | 9711199171 | all area service available
Russian Escorts Delhi | 9711199171 | all area service available
 
Call Girls Dwarka 9999965857 Cheap & Best with original Photos
Call Girls Dwarka 9999965857 Cheap & Best with original PhotosCall Girls Dwarka 9999965857 Cheap & Best with original Photos
Call Girls Dwarka 9999965857 Cheap & Best with original Photos
 
Call Girls Gurgaon Vani 9999965857 Independent Escort Service Gurgaon
Call Girls Gurgaon Vani 9999965857 Independent Escort Service GurgaonCall Girls Gurgaon Vani 9999965857 Independent Escort Service Gurgaon
Call Girls Gurgaon Vani 9999965857 Independent Escort Service Gurgaon
 
Call Girls Service Bommasandra - Call 7001305949 Rs-3500 with A/C Room Cash o...
Call Girls Service Bommasandra - Call 7001305949 Rs-3500 with A/C Room Cash o...Call Girls Service Bommasandra - Call 7001305949 Rs-3500 with A/C Room Cash o...
Call Girls Service Bommasandra - Call 7001305949 Rs-3500 with A/C Room Cash o...
 
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Service
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts ServiceCall Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Service
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Service
 
2025 Inpatient Prospective Payment System (IPPS) Proposed Rule
2025 Inpatient Prospective Payment System (IPPS) Proposed Rule2025 Inpatient Prospective Payment System (IPPS) Proposed Rule
2025 Inpatient Prospective Payment System (IPPS) Proposed Rule
 
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...
 

Data Breach: It Can Happen To You

  • 1. Data Breach: It Can Happen to You. Chris Reese • Vice President, Director of Underwriting; Melvin Osswald • Vice President, Program Underwriting
  • 2. An educational program presented by the Cooperative of American Physicians, Inc.
  • 3. The information in this presentation should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.
  • 4. A Data Breach Is Not A Disaster. Mishandling It Is.
  • 5. Introduction: Complexity of Cyber Threats has Grown Dramatically
    - US businesses face increasingly sophisticated threats that outstrip traditional defenses
    - Economics of cybersecurity favor the attackers
    - Reputational harm is significant
    - Competing pressures within organizations
    - Deploy IT resources to mitigate risk as well as to advance the required business technologies to service customers and compete
  • 6. Economic Motivation. An estimated 95% of attacks are economically motivated, attempting to steal data:
    - Corporate trade secrets
    - Personal information (name/address/SS#/banking info)
    - Health insurance information
    - Medical history information
    - Employee records
  • 7. Advanced Persistent Threats – “High End Attacks”
    - Ultra-sophisticated teams of cyber criminals
    - Deploy increasingly targeted malware in multi-staged stealth attacks
    - Goal – penetrate all of the perimeter defense systems
    - Intruders look at multiple avenues to exploit all layers of security vulnerabilities until they reach their goal
    - Cyber security field consensus – criminals are ahead of the corporations that need to defend themselves
  • 8. Vulnerability is not limited to External Threats – “Low End Attacks”
    - Employees – poorly trained, not following required protocols, disgruntled
    - Subcontractors and independent contractors
    - “BYOD” – bring your own device
    - Any party that the company connects to electronically creates a vulnerability – vendor and partner management
  • 9. Question
    - Has your facility or group experienced a cyber breach?
  • 10. In the News. In 2013 and 2014, the Identity Theft Resource Center (ITRC) documented nearly 1,400 data breaches in the US, including:
    - Target – 110,000,000 records compromised
    - Anthem breach – 78,800,000 records compromised (source: USA Today, April 14, 2015)
    - Home Depot – 56,000,000 records compromised
    - IRS – 1,400,000 records compromised
    - J.P. Morgan Chase – 1,000,000 records compromised
    - Saint Joseph Health System – 405,000 records compromised
    - University of Maryland – 309,079 records compromised
  • 11. In the News (cont.). In 2013 and 2014, the Identity Theft Resource Center (ITRC) documented nearly 1,400 data breaches in the US, including:
    - Touchstone Medical Imaging (TN) – 307,528 records compromised
    - Sutherland Healthcare Solutions – 168,500 records compromised
    - Indiana University – 146,000 records compromised
    - Orthopaedic Specialty Institute (AL) – Iron Mountain, 49,714 records compromised
    - Office of Nisar Quraishi (NY) – 20,000 records compromised
    - Office of Dennis Flynn, M.D. (IL) – 13,646 records compromised
  • 12. What is a Breach?
    - A breach is defined as an event in which an individual's name plus Social Security number (SSN), driver’s license number, medical record or a financial record/credit/debit card is potentially put at risk.
    - Paper or electronic records
    - Potential security threats
    - Compromise the integrity, security or confidentiality of information
    - Circumstances where a data breach may have happened or could happen in the future (e.g. a lost flash drive with PII)
  • 13. Number of Breaches is on the Rise. The Identity Theft Resource Center (ITRC) documented 783 U.S. data breaches in 2014, representing a 27.5% increase over the number of breaches reported in 2013.*
    - 42.5% of the breaches were in the medical/healthcare industries.
    - Hacking incidents represented the leading cause of data breach incidents, accounting for 29% of the breaches tracked by the ITRC.
    - This was followed, for the second year in a row, by breaches involving a subcontractor/third party at 15.1%.
    * http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html
  • 14. Question
    - Are data breaches more likely to be caused by a hacker or by malware/a virus penetrating the cyber defense?
    - Hacker
    - Malware/virus
  • 15. Claims – Source of Exposed Data (source: NetDiligence report 2014). Percentage of records exposed by cause of loss:
    - Hacker – 74%
    - Malware/Virus – 23%
    - Theft of Hardware
    - All other
  • 16. MISSION: CRITICAL – Highly valuable information to cyber criminals
  • 17. Regulatory Climate
    - Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    - Health Information Technology for Economic and Clinical Health Act (HITECH)
    - Variety of state laws
  • 18. Why are Healthcare Providers a Target? Privacy exposures: Personally Identifiable Information (PII) and Protected Health Information (PHI)
    - Medical records (electronic and paper)
    - Billing information (credit cards, addresses, bank information, etc.)
    - Insurance information
    - Social Security numbers
    - Employee information
    - Corporate/financial information
  • 19. Sources of Exposure
    - Negligence and carelessness
    - Lost or stolen laptops and other portable devices
    - Improper disposal of records
    - Lack of system protections
    - Increased use of electronic databases
    - Outsourcing of services
    - Rogue employees
  • 20. Costs of a Data Breach. Our results show that the cost to respond to a data breach is usually between $10 and $30 per record for breach response services that include some legal expenses, patient notification letters, call center support, and credit monitoring services. (Keep in mind this number is an average. Costs can exceed $30 a record in some cases. IT costs, legal fees, and government fines are additional.)
  • 21. A Simplified View of a Data Breach (flow diagram with two phases, Managing the Short-Term Crisis and Handling the Long-Term Consequences): Discovery of a Data Breach → Evaluation of the Data Breach → Forensic Investigation and Legal Review → Notification and Credit Monitoring → Class-Action Lawsuits → Regulatory Fines, Penalties, and Consumer Redress → Public Relations → Reputational Damage → Income Loss
  • 22. Cyber Liability Coverage Claims Example (SOURCE: HHS.Gov, December 2013). Clinic hit with $150,000 HIPAA Penalty – Breach Investigation Triggers Resolution Agreement
    - A federal investigation of a relatively small breach has resulted in a financial penalty for a physician group practice in Massachusetts. The HHS Office for Civil Rights (OCR) opened an investigation of APDerm upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one of its staff members. The thumb drive was never recovered.
    - The investigation revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and to train workforce members.
    - In addition to the $150,000 HIPAA penalty, the settlement includes a corrective action plan requiring APDerm to develop a risk analysis/risk management plan to address and mitigate any security risks and vulnerabilities, as well as to provide an implementation report to OCR.
    - The Department of Health and Human Services' Office for Civil Rights on Dec. 26, 2013 announced a resolution agreement with Adult & Pediatric Dermatology, PC of Concord, Mass.
  • 23. Cyber Liability Coverage Claims Example (SOURCE: NAS Claims Department). Hospital Notifies Six Years’ Worth of Patients After Breach
    - A stolen, unencrypted laptop computer has caused Gibson General Hospital in Princeton, Ind., to notify all 29,000 patients treated during the past six years of a breach of their protected health information.
    - The password-protected laptop was among the items stolen during a burglary of an employee's home on Nov. 27, 2012, according to the hospital. Some employees are permitted to bring home laptops; the employee required 24-hour access to the electronic health records system, according to the hospital.
    - The laptop has not been found and the hospital cannot determine which patients had information on it, so it is notifying all patients since January 2007, when the EHR was implemented. The clinical records contain names, addresses, Social Security numbers and treatment details, among other information. There is no indication the data has been accessed, according to a notice to patients.
    - Gibson General Hospital is offering affected patients one year of free credit monitoring and identity theft protection services.
  • 24. Breaches in the News. $50 Million Class Action Lawsuit Against Long Island Health System. Twelve people have filed a $50 million class-action lawsuit against Long Island Health System and North Shore University Hospital, where thieves stole physical paper records called “face sheets” plus encrypted digital files that contained patient information such as insurance numbers, Social Security numbers, dates of birth, addresses and medical histories. (Source: Modern Healthcare, Feb. 2013)
  • 25. Breaches in the News. $400,000 Penalty in HIPAA Case. Idaho State University has agreed to pay $400,000 as part of a resolution agreement stemming from an incident it reported in August 2011 that potentially could have exposed information on 17,500 patients at the university’s Pocatello Family Medicine Clinic. Patient information was vulnerable for at least 10 months because a firewall protecting a server was disabled, according to the Department of Health and Human Services’ Office for Civil Rights. (SOURCE: Government Information Security, May 2013)
  • 26. Breaches in the News. Three laptops stolen from New York podiatry office, 6,475 at risk. Nearly 6,500 patients of Sims and Associates Podiatry may have had personal information compromised after three laptops containing the patient data were stolen from the New York office. The types of personal information at risk included names, addresses, Social Security numbers, phone numbers, genders, ages, and personal health and insurance information (also visit dates, vascular testing information, weights and prescribed orthotics, x-ray dates and imaging…). A notification was posted on the Sims and Associates Podiatry website. (SOURCE: Sims and Associates Podiatry, Important Security and Protection Notification, April 2014)
  • 27. Question. When evaluating your business’ exposure to a potential data breach, you need to consider:
    - Type of information stored
    - System protections, including encryption
    - Employee access and education
    - Business associate agreements
    - In-house resources for the breach response plan/team
    - Cyber Liability Insurance coverage
    - All of the above
  • 28. Risk Assessment
    - Type of information stored
    - System protections, including encryption
    - Employee access and education
    - Business associate agreements
    - Breach response plan/team
    - Cyber Liability Insurance
  • 29. Four Basic Security Controls
    - Restricting user installation of applications (“whitelisting”)
    - Ensuring that the operating system is patched with current updates
    - Ensuring software applications have current updates
    - Restricting administrative privileges
  • 30. Coverage Summary. CyberRisk Insurance – comprehensive data security and privacy insurance
    - Crisis Management Expenses and Breach Response: retain legal, forensic and public relations experts
    - Customer Notification Expenses and Customer Support Expenses: mandated by federal and state laws
    - Security & Privacy Liability: defense and settlement for lawsuits from third parties
    - Privacy Regulatory Defense and Penalties: regulatory protection
    - Cyber Terrorism: loss of income due to an attack on the network by terrorists
    - Cyber Extortion: extortion expenses and monies
    - Multimedia Liability: defense and settlement for lawsuits from third parties for copyright or trademark infringement, libel or slander, or plagiarism for online and offline media
    - Network Asset Protection: loss of income and reimbursement for costs to replace data
  • 31. Consider the Costs
    - Cost to consult with an experienced attorney – can range from $5,000 to $50,000 depending on the scope and complexity of the breach.
    - IT Forensics – IT forensic investigation costs can range from $5,000 to $100,000+ depending on the circumstances.
    - Patient Notification – plan on $1-3 per record depending on quantity.
    - Patient Call Center Support – the cost is usually between $5,000 and $20,000, depending on the circumstances.
    - Credit Monitoring – this costs between $10 and $30 per individual who signs up for the service.
    - Public Relations Expenses – costs vary widely depending on the service provided and on the size and scope of the breach.
  • 32. Question. Which of the following are important risk management steps?
    - Assign one person to be ultimately responsible for privacy and data security
    - Have a plan to address data security incidents
    - Determine where PHI or PII is stored
    - Conduct a risk assessment
    - Control vendors and business partners
    - Continuous workforce training
    - Annual update on company policy regarding privacy and compliance
    - All of the above
  • 33. Cyber Liability Risk Management Website
    - Compliance materials by state
    - Templates are provided to help insureds implement policies and procedures
  • 34. Cyber Liability Risk Management Website
    - Summary of state-specific law for security breach notification
    - Templates of Business Associate Agreement, Vendor Agreement, etc.
  • 35. Compliance Basics – 8 Point Compliance Checklist and Procedures
    - Assign ultimate privacy and data security responsibility to one person
      - Accountability
      - Focus
    - Prepare for data security incidents
      - Back-up plan if the network goes down
      - Restoration plan
      - Notification to CAP
  • 36. Compliance Basics – 8 Point Compliance Checklist and Procedures
    - Determine where personal information is stored
      - Network
      - Back-up tapes
      - Cloud
      - Downloaded onto portable devices/laptops
      - Paper files (what is at your house?)
      - Who has remote access? Downloaded files.
  • 37. Compliance Basics – 8 Point Compliance Checklist and Procedures
    - Conduct a risk assessment
      - Identify areas of greatest vulnerability and address these first
      - Encryption for portable devices
      - HIPAA compliance training
      - Patch management
  • 38. Compliance Basics – 8 Point Compliance Checklist and Procedures
    - Mitigate against identified risks
    - Control your vendors and business partners
      - Look at contracts for indemnification
      - Control access; password management
    - Implement a continuous workforce training and awareness program
      - Training – at least annually, including all staff
    - Review and update company policy – at least annually
  • 39. Reduce Risk – Utilize the Risk Management Website
    - Risk assessment tools
    - Risk management tips and best practices
    - Reduce risk easily – simple steps to do now
    - Be prepared – steps to take now
    - Policies – download
  • 40. Manage Breach – Responding to an Incident
    - Immediate response – mitigate the potential damage to patients by acting quickly
    - Breach notification requirements – must comply with both federal and state law
    - Report the data breach – the insurance policy includes coverage to retain counsel to advise on the proper response
  • 41. Summary
    - Proactive steps – critical to minimize and prevent breaches
    - Encryption
    - Utilize the resources that CAP includes for all insured members
    - Training – both a proactive and a defensive measure
    - Report the data breach – insurance coverage includes immediate breach response management
  • 42. Thank You. Chris Reese, Vice President, Director of Underwriting; Melvin Osswald, Vice President, Program Underwriting. www.nasinsurance.com