No healthcare organization is completely protected from a data breach. When one occurs, security leaders and hospital executives have a myriad of actions to take, mitigations to initiate and governing bodies to respond to. All of these steps, and more, can be done more easily and thoroughly with the help of a cybersecurity attorney, according to a CIO report.
Law firms are responding to the rising demand for cybersecurity attorneys by initiating cybersecurity and data privacy sections of their firms, Amy Terry Sheehan, editor-in- chief of Cybersecurity Law Report told CIO. The need for this type of specialization isn't unique to healthcare — almost every company hosts personally identifiable online.
Here are four ways a cybersecurity attorney is a valuable asset for CIOs.
1. Outside counsel can be largely helpful in coordinating incident response plans. Even companies that have in-house counsel will often turn to outside counsel for more complicated legal issues or scenarios, Ms. Sheehan said. Additionally, having outside counsel on retainer can be helpful to quickly and efficiently respond to security incidents.
2. Cybersecurity attorneys are critical to handling governmental or regulatory issues related to a data breach while CIOs and IT leaders focus on the technical aspects. The attorneys' expertise in breach scenarios, personnel policies, cyber liability insurance and working with the government can help shape an organization's response plan.
3. Counsel is critical in mitigating litigation risks, especially as lawsuits are increasingly being filed immediately after notification of a breach. "You'll not have valuable advice in advance of a breach, which presents litigation risks, and litigation is becoming much more common," Ms. Sheehan said.
4. Preparation in anticipation of a breach can be the difference between how the government perceives an organization. "The government is giving favor to companies that are well-prepared and willing to cooperate," Mark Harrington, general counsel at Guidance Software, said in the report. "If you don't have the internal expertise, you should find an expert law firm, educate yourself or find a vendor."
More articles on cybersecurity:
Security threats keeping you up at night? 4 considerations for hospital leaders
16 latest updates on data breaches, privacy incidents and HIPAA violations
Idaho creates state-level Cyber Security Task Force