Eleventh National HIPAA Summit 5.04 Security Incident Response – What to do if a breach occurs and how to mitigate damages Chris Apgar, CISSP.

Slides:

Advertisements

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Advertisements

Identifying and Responding to Security Incidents in the Law Firm

Business Continuity Training & Awareness by Sulia Toutai (ANZ)

Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

Auditing Concepts.

1 Red Flags Rule: Implementing an Identity Theft Prevention Program Health Managers Network May Chris Apgar, CISSP President, Apgar & Associates,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

Spring 2008 Campus Emergency Management Program Overview

Security Controls – What Works

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Information Systems Security Officer

Disaster Recovery and Business Continuity Gretchen Grey.

12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.

Network security policy: best practices

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Security Awareness Norfolk State University Policies.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Information Security Training for Management Complying with the HIPAA Security Law.

General Awareness Training

Proving Your Case - Computer Security Terrence P. Maher Abrahams Kaslow & Cassman

Evolving IT Framework Standards (Compliance and IT)

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

Web Security for Network and System Administrators1 Chapter 2 Security Processes.

April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.

INCIDENT RESPONSE IMPLEMENTATION David Basham University of Advancing Technology Professor: Robert Chubbuck NTS435.

August Mr. Mike Finley, CISSP Senior Security Engineer Computer Science Corporation.

LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.

UNIT 15 WEEK 9 CLASS 1 LESSON OVERVIEW Pete Lawrence BTEC National Diploma Organisational System Security.

A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan.

The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,

The RCMP Tech Crime Unit & Information Systems Security Presented to: ISSA January 26, 2005.

Converting Policy to Reality Designing an IT Security Program for Your Campus 2 nd Annual Conference on Technology and Standards May 3, 2005 Jacqueline.

Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &

Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity.

Energize Your Workflow! ©2006 Merge eMed. All Rights Reserved User Group Meeting “Energize Your Workflow” May 7-9, Security.

Chris Apgar, CISSP President, Apgar & Associates, LLC December 12, 2007.

Chapter 8 Auditing in an E-commerce Environment

SAFEGUARDING YOUR ASSETS AND PREVENTING FRAUD

Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.

New EU General Data Protection Regulation Conference 2016 Managing a Data Breach Prevention-Detection-Mitigation By Gerard Joyce Dun Laoghaire Feb 24 th.

© 2003 McGraw-Hill Australia Pty Ltd, PPTs t/a Accounting Information & Reporting Systems by A. Aseervatham and D. Anandarajah. Slides prepared by Kaye.

Incident Response Christian Seifert IMT st October 2007.

AUDITING BUSINESS CONTINUITY PROGRAMS AND PLANS What to Look For Presented by: Tommye White, CBCP, DRP Chuck Walts, CBCP, CRP.

HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014.

Computer Security and the “H” word Glen Klinkhart, CEO Mike Messick, CTO.

Welcome to the ICT Department Unit 3_5 Security Policies.

Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.

Auditing Concepts.

Information Security Program

Making Incident Management Work for Your Organization

Responding to Intrusions

Cybersecurity Policies & Procedures ICA

Chapter 3: IRS and FTC Data Security Rules

Reporting personal data breaches to the ICO

The Privacy Cycle A Five-Step Process to Improve Your Privacy Culture

HIPAA Policy & Procedure Strategies

Introduction to the PACS Security

Presentation transcript:

Eleventh National HIPAA Summit 5.04 Security Incident Response – What to do if a breach occurs and how to mitigate damages Chris Apgar, CISSP

Overview Background Establishing a security incident response team Forensics or how to investigate a breach Follow up or how to mitigate damages Summary & resources

Background HIPAA requirements Establishing policies and procedures Importance of documentation Mitigation of legal and regulatory risks Sound security practices

Establishing a Security Incident Response Team What is a security response team? Designing the program Corporate buy in Determining size of team based on policy and process requirements Establishing the team

Establishing a Security Incident Response Team Establishing a chain of command Supporting policies and procedures Designating a team lead Responsibilities of the team and team lead Training the team

Establishing a Security Incident Response Team Establishing a support structure in the organization Mapping out process and external resources What external resources may be needed? Relation to disaster recovery plan

Forensics or How to Investigate a Breach Stop any further breach Solving the “crime” Importance of creating an evidence trail Importance of creating un- impeachable evidence

Forensics or How to Investigate a Breach Investigating the breach Duties of the incident response team Establishing a command center Determining type of breach Determining if truly a breach or a malfunction of software/hardware

Forensics or How to Investigate a Breach Tracing the breach to its source Internal versus external breach – hacker versus employee Actions to be taken based on source of breach Regulatory requirements in some states

Forensics or How to Investigate a Breach A word about investigations Treat a breach as if you were a detective If criminal activity is present following proper forensic procedures is extremely important When is it necessary to call in the police, FBI, etc.?

Forensics or How to Investigate a Breach Use of external organizations to conduct investigations Advantages of external resources to smaller organizations Use of external resources does not mean it replaces at least a small incident response team Best to contract in advance of any incident

Follow Up or How to Mitigate Damages A word about mitigating damages Importance of proper backup and recovery processes Don’t forget proper forensics – keep a copy of the data in question before restoring safeguards, data, etc. Coordinate with incident response team

Follow Up or How to Mitigate Damages Fast action results in lower mitigation requirements Assess damage to data, hardware, software Coordinate with appropriate organizational representatives but keep the list short Determine if privacy breach also occurred

Follow Up or How to Mitigate Damages Determine whether to notify members or patients of any privacy breach Be aware of state reporting requirements (especially California) Avoiding adverse publicity Proactively responding if adverse publicity occurs

Follow Up or How to Mitigate Damages Limiting litigation or legal risk Limiting regulatory risk Why or why not report incidents to the authorities Internal versus external exposure

Follow Up or How to Mitigate Damages Internal versus external perpetrator Involving Human Resources Sanctions – consistency a must Determining the audience – who should I tell? Steps to limit future threat of similar nature

Follow Up or How to Mitigate Damages No requirement to report breach to OCR or CMS but state laws may require reporting What if CMS or OCR investigates? Importance of policies and procedures Check your contracts – do they require any specific reporting and when Returning to normal

Summary Establish incident response team before incidents occur The importance of forensics Importance of consistency and limiting exposure Fast reaction limits damages and mitigation costs Beware of regulatory, legal and public exposure

References NIST Special Publication : bs/800-61/sp pdf bs/800-61/sp pdf SANS: ISSA: WEDI:

References Handbook for Computer Security Incident Response Teams (Carnegie Mellon): ocuments/03.reports/03hb002.html ocuments/03.reports/03hb002.html FCC Computer Security Incident Response Guide: cident-response/Incident-Response- Guide.pdf cident-response/Incident-Response- Guide.pdf ISS Computer Security Incident Response Planning: csirplanning.pdf csirplanning.pdf

Q&A Chris Apgar, CISSP President Apgar & Associates, LLC SW 62 nd Place Portland, OR (503) (voice) (503) (mobile)