Presentation is loading. Please wait.

Presentation is loading. Please wait.

Eleventh National HIPAA Summit 5.04 Security Incident Response – What to do if a breach occurs and how to mitigate damages Chris Apgar, CISSP.

Published byShanon Wood Modified over 9 years ago

Similar presentations

Presentation on theme: "Eleventh National HIPAA Summit 5.04 Security Incident Response – What to do if a breach occurs and how to mitigate damages Chris Apgar, CISSP."— Presentation transcript:

1 Eleventh National HIPAA Summit 5.04 Security Incident Response – What to do if a breach occurs and how to mitigate damages Chris Apgar, CISSP

2 Overview Background Establishing a security incident response team Forensics or how to investigate a breach Follow up or how to mitigate damages Summary & resources

3 Background HIPAA requirements Establishing policies and procedures Importance of documentation Mitigation of legal and regulatory risks Sound security practices

4 Establishing a Security Incident Response Team What is a security response team? Designing the program Corporate buy in Determining size of team based on policy and process requirements Establishing the team

5 Establishing a Security Incident Response Team Establishing a chain of command Supporting policies and procedures Designating a team lead Responsibilities of the team and team lead Training the team

6 Establishing a Security Incident Response Team Establishing a support structure in the organization Mapping out process and external resources What external resources may be needed? Relation to disaster recovery plan

7 Forensics or How to Investigate a Breach Stop any further breach Solving the “crime” Importance of creating an evidence trail Importance of creating un- impeachable evidence

8 Forensics or How to Investigate a Breach Investigating the breach Duties of the incident response team Establishing a command center Determining type of breach Determining if truly a breach or a malfunction of software/hardware

9 Forensics or How to Investigate a Breach Tracing the breach to its source Internal versus external breach – hacker versus employee Actions to be taken based on source of breach Regulatory requirements in some states

10 Forensics or How to Investigate a Breach A word about investigations Treat a breach as if you were a detective If criminal activity is present following proper forensic procedures is extremely important When is it necessary to call in the police, FBI, etc.?

11 Forensics or How to Investigate a Breach Use of external organizations to conduct investigations Advantages of external resources to smaller organizations Use of external resources does not mean it replaces at least a small incident response team Best to contract in advance of any incident

12 Follow Up or How to Mitigate Damages A word about mitigating damages Importance of proper backup and recovery processes Don’t forget proper forensics – keep a copy of the data in question before restoring safeguards, data, etc. Coordinate with incident response team

13 Follow Up or How to Mitigate Damages Fast action results in lower mitigation requirements Assess damage to data, hardware, software Coordinate with appropriate organizational representatives but keep the list short Determine if privacy breach also occurred

14 Follow Up or How to Mitigate Damages Determine whether to notify members or patients of any privacy breach Be aware of state reporting requirements (especially California) Avoiding adverse publicity Proactively responding if adverse publicity occurs

15 Follow Up or How to Mitigate Damages Limiting litigation or legal risk Limiting regulatory risk Why or why not report incidents to the authorities Internal versus external exposure

16 Follow Up or How to Mitigate Damages Internal versus external perpetrator Involving Human Resources Sanctions – consistency a must Determining the audience – who should I tell? Steps to limit future threat of similar nature

17 Follow Up or How to Mitigate Damages No requirement to report breach to OCR or CMS but state laws may require reporting What if CMS or OCR investigates? Importance of policies and procedures Check your contracts – do they require any specific reporting and when Returning to normal

18 Summary Establish incident response team before incidents occur The importance of forensics Importance of consistency and limiting exposure Fast reaction limits damages and mitigation costs Beware of regulatory, legal and public exposure

19 References NIST Special Publication 800-61: http://csrc.nist.gov/publications/nistpu bs/800-61/sp800-61.pdf http://csrc.nist.gov/publications/nistpu bs/800-61/sp800-61.pdf SANS: http://www.sans.orghttp://www.sans.org ISSA: http://www.issa.org http://www.issa.org WEDI: http://www.wedi.org/snip http://www.wedi.org/snip

20 References Handbook for Computer Security Incident Response Teams (Carnegie Mellon): http://www.sei.cmu.edu/publications/d ocuments/03.reports/03hb002.html http://www.sei.cmu.edu/publications/d ocuments/03.reports/03hb002.html FCC Computer Security Incident Response Guide: http://csrc.nist.gov/fasp/FASPDocs/in cident-response/Incident-Response- Guide.pdf http://csrc.nist.gov/fasp/FASPDocs/in cident-response/Incident-Response- Guide.pdf ISS Computer Security Incident Response Planning: http://documents.iss.net/whitepapers/ csirplanning.pdf http://documents.iss.net/whitepapers/ csirplanning.pdf

21 Q&A Chris Apgar, CISSP President Apgar & Associates, LLC 10730 SW 62 nd Place Portland, OR 97219 (503) 977-9432 (voice) (503) 816-8555 (mobile) Capgar@easystreet.com http://www.apgarandassoc.com

Download ppt "Eleventh National HIPAA Summit 5.04 Security Incident Response – What to do if a breach occurs and how to mitigate damages Chris Apgar, CISSP."

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Identifying and Responding to Security Incidents in the Law Firm

Identifying and Responding to Security Incidents in the Law Firm
Business Continuity Training & Awareness by Sulia Toutai (ANZ)

Business Continuity Training & Awareness by Sulia Toutai (ANZ)
Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.

Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
Auditing Concepts.

Auditing Concepts.
1 Red Flags Rule: Implementing an Identity Theft Prevention Program Health Managers Network May 25. 2010 Chris Apgar, CISSP President, Apgar & Associates,

1 Red Flags Rule: Implementing an Identity Theft Prevention Program Health Managers Network May Chris Apgar, CISSP President, Apgar & Associates,
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
Spring 2008 Campus Emergency Management Program Overview

Spring 2008 Campus Emergency Management Program Overview
Security Controls – What Works

Security Controls – What Works
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Information Systems Security Officer

Information Systems Security Officer
Disaster Recovery and Business Continuity Gretchen Grey.

Disaster Recovery and Business Continuity Gretchen Grey.
12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.

12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.
Network security policy: best practices

Network security policy: best practices
Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

Similar presentations

Ads by Google