The Data Breach: How to Stay Defensible Before, During & After the Incident

Similar documents
Cyber Insurance: What is your bank doing to manage risk? presented by

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

Cybersecurity and Nonprofit

PTLGateway Data Breach Policy

DeMystifying Data Breaches and Information Security Compliance

Preparing for a Breach October 14, 2016

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017

Cybersecurity The Evolving Landscape

Security and Privacy Breach Notification

HIPAA UPDATE. Michael L. Brody, DPM

2017 Data Security Incident Response Report. Be Compromise Ready: Go Back to the Basics

Cyber Attack: Is Your Business at Risk?

Policy and Procedure: SDM Guidance for HIPAA Business Associates

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017

Information Security Incident Response Plan

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

Cyber Security Issues

Privacy & Information Security Protocol: Breach Notification & Mitigation

Information Security Incident Response Plan

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

PULSE TAKING THE PHYSICIAN S

PRIVACY-SECURITY INCIDENT REPORT

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

Cyber Attacks and Data Breaches: A Legal and Business Survival Guide

Cybersecurity in Higher Ed

10 FOCUS AREAS FOR BREACH PREVENTION

You ve Been Hacked Now What? Incident Response Tabletop Exercise

2017 RIMS CYBER SURVEY

Cyber Risks in the Boardroom Conference

CYBER SECURITY AND MITIGATING RISKS

Data Privacy Breach Policy and Procedure

Credit Card Data Compromise: Incident Response Plan

Data Breach Preparation and Response. April 21, 2017

PLEASE NOTE. - Text the phrase MICHAELBERWA428 to the number /23/2016 1

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

Why you MUST protect your customer data

Security Audit What Why

Managing Cybersecurity Risk

Nine Steps to Smart Security for Small Businesses

Legal Considerations and Case Studies

T11: Incident Response Clinic Kieran Norton, Deloitte & Touche

Elements of a Swift (and Effective) Response to a HIPAA Security Breach

encrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Breaches and Remediation

HIPAA Privacy, Security and Breach Notification

The HIPAA Omnibus Rule

Reducing Cyber Risk in Your Organization

Healthcare HIPAA and Cybersecurity Update

LCU Privacy Breach Response Plan

The Impact of Cybersecurity, Data Privacy and Social Media

Electronic Communication of Personal Health Information

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Lessons Learned: A Real Life Data Breach. Jigar Kadakia Partners HealthCare

DON T GET STUNG BY A BREACH! WHAT'S NEW IN HIPAA PRIVACY AND SECURITY

Incident Response: Are You Ready?

(c) Apgar & Associates, LLC

An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule

SHS Annual Information Privacy and Security Training

HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Orlando, FL September 23-27, Your School Has Been Breached Now What? Cyber Incident Simulation Exercise

Sword vs. Shield: Using Forensics Pre-Breach in a GDPR World. September 20, 2017

Regulation P & GLBA Training

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

Incident Response Services

Cyber Risk & Mitigation Strategies for the Real World

PS 176 Removable Media Policy

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW

The Cyber War on Small Business

How to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016

Department of Management Services REQUEST FOR INFORMATION

Breaches and Remediation

Data Breach Preparedness & Response

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

Sage Data Security Services Directory

mhealth SECURITY: STATS AND SOLUTIONS

Business continuity management and cyber resiliency

CYBERSECURITY: STAYING ONE STEP AHEAD DANIEL D. WHITEHOUSE, ESQ. WHITEHOUSE & COOPER, PLLC

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

Unified Communications Phase 2 Presentation to IT Services Users Group

Business White Paper. Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data

How to Prepare a Response to Cyber Attack for a Multinational Company.

A practical guide to IT security

Data Compromise Notice Procedure Summary and Guide

Internet of Things Toolkit for Small and Medium Businesses

Cyber Security. The Question of the Day. Sylint Group, Inc. How did we come up with the company name Sylint and what does it mean?

2015 HFMA What Healthcare Can Learn from the Banking Industry

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

PCI Compliance. What is it? Who uses it? Why is it important?

SECURITY & PRIVACY DOCUMENTATION

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.

Getting Started with Cybersecurity

HIPAA Security Manual

Transcription:

The Data Breach: How to Stay Defensible Before, During & After the Incident

Alex Ricardo Beazley Insurance Breach Response Services

Lynn Sessions Baker Hostetler Partner

Michael Bazzell Computer Security Specialist & Privacy Consultant

What we are NOT doing today: Providing Legal Advice Informational Purposes Only You should consult with Privacy Counsel for any decisions surrounding your Incident Response Plan or Data Breach Response Methodology

A data breach isn t always a disaster Mishandling it is.

Agenda A Brief Review of Data Breaches and Breach Trends Commonalities with Cyber Attacks The Breach Response Methodology Cases

What is a Data Breach? Actual release or disclosure of information to an unauthorized individual/entity that relates to a person and that: May cause the person inconvenience or harm (financial/reputational) Personally Identifiable Information (PII) Protected Healthcare Information (PHI) May cause your company inconvenience or harm (financial/reputational) Customer Data, Applicant Data Current/Former Employee Data, Applicant Data Corporate Information/Intellectual Property Paper or Electronic

Spectrum of Risk Improper Disposal of Data Paper Un-shredded Documents File cabinets without checking for contents X-Ray Images Electronic assets computers, smart phones, backup tapes, hard drives, servers, copiers, fax machines, scanners, printers Phishing/Spear Phishing Attacks Network Intrusions/Hacks/Malware Viruses Lost/Missing/Stolen Electronic Assets Mishaps due to Broken Business Practices Rogue Employees

Commonalities of Cyber Attacks Will be an external attack involving hacking and malware Vulnerability created by third party vendor Will not be detected for months Breached entity will learn from third party Initial exploit relatively simple and avoidable

Most Common Intrusion (Email) Email Phishing Action Motivators Greed ($) Fear (Oh No!) Curiosity (What If?) Compassion (Oh My ) Urgency (The Boss-Spoofed Message) Email Phishing Indicators Use of Authority (You Must!) Time Constraints (Right Away!)

Two Questions Is the request REASONABLE? Does it employ EMOTION?

Do NOT use the B word Perception is Half the Battle People use breach too frequently and you don t want your customers or regulators to think you are subject to numerous breaches Breach suggests something bad happened or is going to happen Breach has legal significance Train your Incident Response Team to not use Breach within internal communications as you vet out or investigate the Security Incident

What do regulators like? Transparency: no cover up Prompt and thorough investigation Good attitude & cooperation Commitment to compliance and safeguarding PII Appropriate and prompt notification Corrective action Know the root cause and address it Staff training & awareness program Technical safeguards Enhanced policies/procedures/physical safeguards Employee sanctions Remediation and mitigation

What do regulators dislike? Unencrypted backup tapes Unencrypted portable devices SQL injection Slow incident detection and notification Default configurations/passwords Absence of appropriate policies Insufficient employee training/awareness Insufficient dedicated security roles Failure to address issues identified by risk assessments Refusal to provide incident reports and forensic investigation report

The Breach Response Methodology Phase 1 Phase 2 Phase 3 Phase 4 Discovery Investigation Response Defense Theft, loss, or Unauthorized Disclosure of Personally Identifiable Non-Public Information or Third Party Corporate Information that is in the care, custody or control of the Insured Organization, or a third party for whom the Insured Organization is legally liable Forensic Investigation and Legal Review Notification and Credit Monitoring Public Relations Class-Action Lawsuits Regulatory Fines, Penalties, and Consumer Redress Reputational Damage Income Loss

Why background screening and vendor vetting is important Entity Affected: College/University Incident Details: Lack of proper vetting of employer-attendees allowed criminals impersonating an employer to attend a job fair for college seniors. Criminals successfully secured identities via job application forms. Data Format: Paper records Information Compromised: Name, DOB, SSN#, Email Address, Address, Phone # Breach Universe: 500+

Why forensics is important Entity Affected: Financial Services Firm Incident Details: Company suffered a malware intrusion and initially believed all 280,000 customers PII was compromised. Forensics reversed engineered the malware to determine it was only collecting credit card numbers beginning with 3. (American Express Cards) Without Forensics, the company would have notified the entire population. Data Format: Electronic Information Compromised: Name, Credit Card # Breach Universe: 30,000+

Paper breaches do happen Entity Affected: College/University Incident Details: Alumni Newsletter mailing label accidently included the SSN# field. As such all alumni SSN#s were exposed publicly on the mailing label. Data Format: Paper records Information Compromised: Name, SSN#, Address Breach Universe: 125,000+

Do not ass-u-me you know the facts Entity Affected: Hospital Incident Details: Hospital did a disaster drill. Set up 20 laptops, one in each ER suite. To replicate lost power, each laptop was to be set up with all 500,000 EHRs of the hospital. During course of drill, 1 laptop went missing. Initial Response: Hospital called a press conference to acknowledge a loss of 500,000 EHRs. They held the press conference BEFORE the investigation. Investigation: Investigation identified time of loss via surveillance cameras in the ER. IT reviewed network logs for downloading the 500,000 EHRs to each laptop and noticed 1 laptop did not receive the 500,000 EHRs. Investigation took 48 hours. Conclusion: It was forensically concluded that the missing laptop was stolen BEFORE the download of 500,000 records occurred. Data Format: Electronic Information Compromised: PHI Breach Universe: ZERO Non-Event Aftermath: The hospital had to hold a second press conference about the false alarm.

Thank You Questions? It s bad enough a company may possibly face liability from the data breach itself. The last thing you want is to create further liability exposure from how you respond to the incident. Making sure you are kept in the best defensible position possible during the course of your breach response methodology should be a priority.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback