Incident Response: Best Practices for Incident Response in the Event of a Data Breach

By Neelendu Bose, AccordMS

Last month, Quest Diagnostics joined the list of health care companies targeted by hackers when it announced a data breach that exposed the health information of about 34,000 people. The data accessed included name, date of birth and lab results and, in some instances, phone numbers, according to a Quest Diagnostics statement.

Quest Diagnostics provides diagnostic services to one in three adult Americans each year, as well as half of the physicians and hospitals in the U.S. The breach is the latest in a string of high-profile cyberattacks in the healthcare sector.

The Health Insurance Portability and Accountability Act (HIPAA) aims to ensure the privacy of medical information. However, this breach is yet another indication that, despite regulations like HIPAA, healthcare organizations still aren't doing enough to protect themselves. Data released earlier this year by the research firm Ponemon Institute estimated that breaches could be costing the healthcare industry $6.2 billion annually.

What are the best practices for incident response in the event of a data breach? In general, the first line of defense in any cybersecurity plan should be prevention. However, no matter how large the institution or how sophisticated its security, the evolution and open architecture of the internet still create opportunities for intrusion. It is therefore critically important that institutions have a plan for responding to an intrusion. That plan should be succinct, with defined roles, training, communication channels and oversight.

Promptly and methodically addressing a breach should be the primary objective: it restores the security and integrity of the affected systems and ensures that evidence of the breach is recorded properly. The incident response plan should include, among other things:

  1. Roles and responsibilities
  2. Detection, reporting and evaluation (internal)
  3. Containment and eradication of the breach
  4. Execution of the response plan and restoration of normal operations
  5. Post-incident monitoring and action plan

The response plan should remove every trace of the intrusion and restore the integrity of the affected systems and network. It is critical that the plan eliminates the attacker's access and prevents the incident from spreading any further. The initial goal should always be containment. Note, however, that eradicating too aggressively (re-imaging hosts, deleting malware, rotating logs) can destroy the very evidence needed to determine the cause and scope of the event; volatile data, logs and malicious artifacts should be captured and preserved before they are wiped. Careful consideration must therefore be given to how the organization can recover quickly while still enabling a thorough analysis.

One of the most critical parts of the response plan is to gather as much information related to the breach as possible, immediately notify upper management, retain legal counsel and, if necessary, contact the proper law enforcement agencies. [1] Additional best practices include:

  1. reviewing the protocols in the breach plan,
  2. alerting the appropriate personnel,
  3. securing the premises,
  4. preventing further breach or data loss,
  5. initiating a thorough investigation (engaging an external forensics team if necessary),
  6. interviewing the appropriate people,
  7. assessing the risks, and documenting everything consistently and thoroughly.
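The caution above about eradication destroying evidence, and the closing advice to document everything thoroughly, come together in one practical habit: hash and catalogue every artifact before containment or eradication touches it, so that the investigation (and any later legal proceeding) can prove the evidence is what was collected. The following is an added example, not code from the original article or from AccordMS; the file names, log line and "collector" value are constructed for the demonstration, and the manifest layout is an assumption rather than any standard format.

```python
"""Evidence preservation before eradication: catalogue artifacts with SHA-256
hashes, then verify later that nothing was lost or altered (added example)."""
import hashlib
import json
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large disk images do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(evidence_dir: Path, collector: str) -> dict:
    """Record path, size, mtime and SHA-256 of every file under evidence_dir.
    The entry list is itself hashed so that tampering with the manifest is detectable."""
    entries = []
    for p in sorted(evidence_dir.rglob("*")):
        if p.is_file():
            st = p.stat()
            entries.append({
                "path": str(p.relative_to(evidence_dir)),
                "size": st.st_size,
                "mtime": st.st_mtime,
                "sha256": sha256_file(p),
            })
    manifest = {"collector": collector, "collected_at": time.time(), "entries": entries}
    manifest["manifest_sha256"] = hashlib.sha256(
        json.dumps(entries, sort_keys=True).encode()).hexdigest()
    return manifest


def verify_manifest(evidence_dir: Path, manifest: dict) -> list:
    """Return (status, path) pairs for files that were modified, removed or added
    since the manifest was built. An empty list means the evidence is intact."""
    problems = []
    expected = {e["path"]: e["sha256"] for e in manifest["entries"]}
    seen = set()
    for p in sorted(evidence_dir.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(evidence_dir))
        seen.add(rel)
        if rel not in expected:
            problems.append(("added", rel))
        elif sha256_file(p) != expected[rel]:
            problems.append(("modified", rel))
    for rel in expected:
        if rel not in seen:
            problems.append(("missing", rel))
    return problems


def demo() -> tuple:
    """Constructed scenario: snapshot two artifacts, then simulate a careless
    eradication step that truncates a log and deletes the malicious file.
    Returns (number of catalogued files, problems before, problems after)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample artifacts, not real data from any incident.
        (root / "auth.log").write_text(
            "Jun 03 02:14:07 host sshd[412]: Accepted password for svc from 203.0.113.9\n")
        (root / "suspicious.bin").write_bytes(bytes(range(64)))
        manifest = build_manifest(root, collector="ir-analyst")
        before = verify_manifest(root, manifest)
        # "Eradication" that would have destroyed the evidence had it not been catalogued.
        (root / "auth.log").write_text("")
        (root / "suspicious.bin").unlink()
        after = verify_manifest(root, manifest)
        return len(manifest["entries"]), before, after


if __name__ == "__main__":
    count, before, after = demo()
    print(f"catalogued {count} files; intact before: {not before}; problems after: {after}")
```

In a real engagement the manifest would be written to write-once media or a separate evidence store together with the collector's identity and timestamp, and the hashes of disk images and memory captures would be recorded the same way before any host is re-imaged.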

Having an effective compliance program in place will not eliminate data breaches, but it reduces their likelihood and impact, and a well-documented program helps every employee know how to respond in case of an incident or breach. As the healthcare landscape continues to be a target of cyberattacks and data breaches, entities with effective compliance programs will be better equipped to respond to compliance concerns that affect their current organizational practices, as well as to any new challenges the future may present.



Neelendu Bose serves as an independent Ethics & Compliance Officer for small to midsize healthcare organizations. Mr. Bose obtained his Healthcare Compliance Certification from the Seton Hall School of Law, where participants examine healthcare-related laws and regulations. The program prepares compliance professionals to work hand in hand with other compliance, ethics and integrity officers, as well as healthcare consultants and legal professionals.

In his role as a Compliance Professional, he is responsible for establishing standards, policies and procedures pertaining to regulatory requirements to help ensure legal, ethical, and proper conduct.