The 10 Most Common Security Incident Response Mistakes (Part II)

June 24, 2011
Picking up where I left off in my last posting, here are five more common mistakes that health care organizations make in responding to data security

Picking up where I left off in my last posting, here are five more common mistakes that health care organizations make in responding to data security breaches:

6. Failing to train your personnel to spot a security breach. When a laptop is stolen that contains Social Security numbers or other personal information, it is a significant event that must be promptly reported to an organization's compliance and legal departments. If rank and file employees don't recognize a security breach when they see one, then the best security incident response plan will be ineffective.

7. Failing to follow proper computer forensic procedures. Before starting an investigation and reviewing systems directly, consider whether you're applying appropriate forensic procedures that might preserve evidence. By first making a forensic image, you preserve everything (including the metadata), so that you can return to that snapshot at any time. Such measures may permit an organization to identify a hacker's IP address.

8. Inadequate management of vendor relationships. A company that entrusts its personal information to a vendor should bind that vendor to reasonable privacy and security representations. For example, if a vendor is responsible for a breach, it should be required to notify its customer of the event within a relatively short time frame.

9. Failing to notify appropriate regulatory agencies. Even though it may not be required, health care organizations should consider whether relevant regulatory agencies, such as a state Department of Insurance regulating an HMO or insurer, would be offended if they read about a security breach in the paper. An increasingly wide range of health care regulatory agencies have asserted their jurisdiction to conduct investigations related to health care security breaches.

10. Failing to coordinate effectively with law enforcement authorities. Most state security breach notification laws permit you to delay notification if it would impede a criminal investigation. Carefully consider the appropriateness of notifying law enforcement, as well as which agency might most aggressively pursue the case, whether it's the local police department, the FBI or a local high tech crimes task force. But don't delay notification based upon a half-hearted investigation by the local PD into a routine laptop theft!

Sponsored Recommendations

Going Beyond the Smart Room: Empowering Nursing & Clinical Staff with Ambient Technology, Observation, and Documentation

Discover how ambient AI technology is revolutionizing nursing workflows and empowering clinical staff at scale. Learn about how Orlando Health implemented innovative strategies...

Enabling efficiencies in patient care and healthcare operations

Labor shortages. Burnout. Gaps in access to care. The healthcare industry has rising patient, caregiver and stakeholder expectations around customer experiences, increasing the...

Findings on the Healthcare Industry’s Lag to Adopt Technologies to Improve Data Management and Patient Care

Join us for this April 30th webinar to learn about 2024's State of the Market Report: New Challenges in Health Data Management.

Findings on the Healthcare Industry’s Lag to Adopt Technologies to Improve Data Management and Patient Care

2024's State of the Market Report: New Challenges in Health Data Management