Here are three steps for an effective security incident response plan, according to a whitepaper from ID Experts.
1. Understanding the event. First, determine the source of the incident. How high is the risk of exposure? To answer this question, determine the nature of any personal information exposed and how many people are potentially affected. Determine if the event was a discrete incident or if it is ongoing. Was the source of the incident malicious or not?
2. Assessment. Assess the incident to determine whether it is actually a data breach. Establish the nature and severity of the incident. Immediately take any possible remediation steps. Check whether the data affected or the incident itself qualifies for any safe harbor provisions.
3. Addressing a data breach. If the assessment determines the incident is a data breach, be prepared to take several steps, including:
• Notify affected individuals.
• Begin crisis communications.
• Offer identity monitoring and protection.
• Ensure legal compliance.
• Take steps to manage future risk.