4 Steps Physician Groups Need to Take After a Cyber Breach


1. Execute Incident Response and Contingency Plan

This response plan should be a designed set of instructions that helps physician groups prepare for, detect, respond to, and recover from cyber-related incidents. These plans are primarily technology driven and address malware detection, data theft, and service outages. They also cover departments such as HR, finance, and customer service, and include a “who does what and when” plan.

2. Report the Crime to the Appropriate Law Enforcement

This may include state or local law enforcement, the FBI, or the Secret Service. Swift reporting can help facilitate the recovery of lost funds. Reports should not include PHI unless otherwise permitted under HIPAA.

3. Report All Cyber Threat Indicators to Federal and Information Sharing and Analysis Organizations (ISAOs)

Examples include the Department of Homeland Security, the HHS Assistant Secretary for Preparedness and Response, and private sector cyber threat ISAOs.

4. Report the Breach to Affected Patients and to the Office for Civil Rights (OCR) as Soon as Possible

If the breach affects 500 or more patients, the practice must notify affected patients, OCR, and the media no later than 60 days after discovery of the breach unless law enforcement has requested a delay in reporting. If the cyber breach has affected fewer than 500 patients, the practice must notify the affected individuals without unreasonable delay, but no later than 60 days after discovery of the breach, and notify OCR within 60 days after the end of the calendar year in which the breach was discovered.

Contact us today to connect with a cyber expert on our team who can help you make sure you have appropriate coverage and can walk you through the steps you need to take after a cyber breach.



This material has been prepared for informational purposes only and was generated from information provided to BKS by the client and/or third-party sources. Therefore, BKS makes no warranty or representation(s) as to the accuracy or appropriateness of the data and/or the analysis herein. This information is not intended to provide, and should not be relied on for, tax, legal, or accounting advice. You should consult your tax, legal, and accounting advisors for those services.


This document is intended for general information purposes only and should not be construed as advice or opinions on any specific facts or circumstances. The content of this document is made available on an “as is” basis, without warranty of any kind. Baldwin Risk Partners, LLC (“BRP”), its affiliates, and subsidiaries do not guarantee that this information is, or can be relied on for, compliance with any law or regulation, assurance against preventable losses, or freedom from legal liability. This publication is not intended to be legal, underwriting, or any other type of professional advice. BRP does not guarantee any particular outcome and makes no commitment to update any information herein or remove any items that are no longer accurate or complete. Furthermore, BRP does not assume any liability to any person or organization for loss or damage caused by or resulting from any reliance placed on that content. Persons requiring advice should always consult an independent adviser.

Baldwin Risk Partners, LLC offers insurance services through one or more of its insurance licensed entities. Each of the entities may be known by one or more of the logos displayed; all insurance commerce is only conducted through BRP insurance licensed entities. This material is not an offer to sell insurance.
