[BreachExchange] Incident Response: Best Practices for Incident Response in the Event of a Data Breach.

Audrey McNeil audrey at riskbasedsecurity.com
Fri Feb 3 16:55:47 EST 2017


http://complianceandethics.org/incident-response-best-practices-incident-response-event-data-breach/

Earlier last month, Quest Diagnostics joined the list of health care
companies targeted by hackers when it announced a data breach that exposed
the health information of about 34,000 people.  The data that was accessed
included name, date of birth, lab results, and, in some instances, phone
numbers, according to a Quest Diagnostics statement.

Quest Diagnostics provides diagnostic services to one in three adult
Americans each year, as well as half of the physicians and hospitals in the
U.S. The breach is the latest in a string of high-profile cyberattacks in
the healthcare sector.

The Health Insurance Portability and Accountability Act (HIPAA) aims to
ensure the privacy of medical information. However, this breach is yet
another indication that despite regulations like HIPAA, healthcare
organizations still aren’t doing enough to protect themselves. Data
released earlier this year by security researcher Ponemon Institute said
that breaches could be costing the healthcare industry $6.2 billion
annually.

What are the best practices for incident response in the event of a data
breach? In general, the first line of defense for most cybersecurity plans
should be prevention. However, no matter how large the institution and how
sophisticated its cybersecurity, the evolution and open architecture of
the internet still create opportunities for intrusion. In this situation,
it is critically important that institutions have a plan to respond to any
intrusions. The infrastructure created should include a succinct plan, with
defined roles, training, communication and oversight.

Promptly and strategically addressing a breach should be the primary
objective. This may ensure that security and integrity are restored and
evidence of the breach is recorded properly. The incident response plan
should include, amongst other things:

1. Roles and Responsibilities
2. Detection and Reporting and Evaluating (Internal)
3. Containing and Eliminating the Breach
4. Initiating the Response Plan and Restoring Normal Operations
5. Monitoring the Post-Event Action Plan

The response plan should eliminate any presence of the intrusion, and
restore the integrity of the systems or network. It is critical that the breach
plan removes all breaches to the systems and prevents the incident from
spreading any further. The initial goal should always be containing the
event. It is important to note that completely eradicating the event may
prevent or slow down further investigation into the cause of the event;
therefore, careful consideration must be given to how the organization can
recover quickly and perform advanced analysis.

It is important to note that one of the most critical parts of the response
plan is to gather as much information related to the breach as possible,
immediately notify upper management, retain legal counsel and, if
necessary, contact the proper law enforcement. [1] Additional best
practices include:

1. reviewing the protocols of the breach plan,
2. alerting the appropriate personnel,
3. securing the premises,
4. preventing further breach or data loss,
5. initiating a thorough investigation (obtaining an external forensics team
if necessary),
6. interviewing the appropriate people,
7. assessing the risks, and documenting everything consistently and thoroughly.

Having an effective compliance program in place for healthcare
organizations will help eliminate data breaches, and a well-documented
compliance program can help all employees know how to respond in case of an
incident or breach. As the healthcare landscape continues to be the target
of cyber attacks and data breaches, entities with effective compliance
programs will be better equipped to respond and react to compliance
concerns that impact their current organizational practices as well as any
new challenges that the future may present.