How to Disclose a Healthcare Data Breach

It’s a nightmare nobody wants to experience. Your healthcare organization has been hacked and your patient data is floating around in the ether, likely stolen by some malevolent hacker.

Try as you might, you can’t push this thought out of your mind as an unpleasant or paranoid fantasy because it is a reality. Healthcare breaches happen all the time, which is why it is important to know how to handle one before it happens to you.

Below are a few tips on discovering and disclosing a healthcare data breach in a way that will protect your company and put your patients at ease. It may not be easy, but so long as you have a data breach insurance provider on hand, you won’t have to suffer this alone.

Developing an Incident-Response Plan

The absolute first step to handling a data breach is preparing for a data breach, long before it happens. This means developing an incident-response plan that maps out exactly how to handle the breach. The plan should name who oversees each step of the process and assign specific duties to the various departments.

For example, it might be IT’s job to assess the damages while HR alerts employees to keep quiet until the cause and consequences are determined. By setting these steps up beforehand, you can save yourself, your employees and your patients a lot of heartache and stress.

Scheduling a Regular Checkup

You probably tell your patients to come in once a year for a routine checkup. Sure, you might not spot anything the first time or even the third time. But it’s important to impress upon your patients the necessity of tackling health issues before they fester. Believe it or not, the same rule applies to medical organizations.

Think about hiring a cybersecurity analyst (or a team) to come into your building once every six months or so, to inspect your network for signs of incursion. Hopefully, they never find anything amiss – but if they do, you could save yourself the pain of discovering a major data breach two or three years down the line.

However, if something alarming is discovered, you’ll need to determine what was stolen or leaked and how this happened.

Disclosing the Breach to Partners & Providers

The next step is to alert your partners in the fight against cybercrime. This includes your data breach insurance provider, law enforcement and any external cybersecurity professionals you may be working with. These folks are on your side and will help you assess the damages.

Disclosing the Breach to Patients & the Public

Here’s the tough part – breaking the news to your patients and the public. Inform your patients of exactly what has been stolen, how this might affect them and what steps you are taking to remedy the issue. This can be done through an email alert, blog post or physical letter delivered to their address on file.

All that’s left now is to hunker down with your insurance provider to prepare for litigation. It might not happen, but it could. And it’s better to be prepared for the worst.

The nice part is that if you have a data breach insurance policy, you won’t have to suffer this process alone. Your provider will have your back every step of the way. Visit CyberPolicy to be linked with a provider before your healthcare organization is hit by a data breach!

 


© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375