4 Steps Physician Groups Need to Take After a Cyber Breach

1. Execute Incident Response and Contingency Plan

An incident response plan is a documented set of instructions that helps a physician group prepare for, detect, respond to, and recover from cyber incidents. Such plans are largely technology driven, covering malware detection, data theft, and service outages, but they should also assign roles to departments such as HR, finance, and customer service, spelling out who does what and when. The companion contingency plan is what keeps patient care and billing running while affected systems are offline, so both should be executed from the written procedures rather than improvised under pressure.

2. Report the Crime to the Appropriate Law Enforcement

This may include state or local law enforcement, the FBI, or the Secret Service. Swift reporting improves the chances of recovering lost funds. Reports to law enforcement should not include protected health information (PHI) unless HIPAA permits the disclosure. If law enforcement asks the practice to delay notifying patients so as not to impede an investigation, document that request, because it is the only basis for extending the HIPAA notification deadlines described in step 4.

3. Report all Cyber Threat Indicators to Federal Agencies and Information Sharing and Analysis Organizations (ISAOs)

Examples include the Department of Homeland Security, the HHS Assistant Secretary for Preparedness and Response, and private-sector cyber threat ISAOs. Share the indicators of compromise observed during the incident, such as malicious IP addresses, domains, file hashes, and phishing lures. Like reports to law enforcement, these reports should not include PHI.

4. Report the Breach to Affected Patients and to the Office for Civil Rights (OCR) as Soon as Possible

OCR presumes that a cyber incident in which PHI was accessed, acquired, used, or disclosed is a reportable breach unless the PHI was encrypted at the time or a documented risk assessment shows a low probability that it was compromised. If the breach affects 500 or more patients, the practice must notify the affected patients and OCR without unreasonable delay and no later than 60 calendar days after discovery of the breach, and must also notify prominent media outlets when 500 or more residents of a single state or jurisdiction are affected. If the breach affects fewer than 500 patients, the practice must still notify the affected individuals without unreasonable delay and no later than 60 days after discovery, but may report to OCR within 60 days after the end of the calendar year in which the breach was discovered. In either case the 60 days is an outer limit, not a safe harbor, and notification may be postponed only when law enforcement has requested a delay. A breach is treated as discovered on the first day it is known, or by exercising reasonable diligence would have been known, to any workforce member or agent of the practice other than the person who committed it.

Contact us today to connect with a cyber expert on our team who can help you make sure you have appropriate coverage and can walk you through the steps you need to take after a cyber breach.



This material has been prepared for informational purposes only and was generated from information provided to BKS by the client and/or third-party sources. Therefore, BKS makes no warranty or representation(s) as to the accuracy or appropriateness of the data and/or the analysis herein. This information is not intended to provide, and should not be relied on for, tax, legal, or accounting advice. You should consult your tax, legal, and accounting advisors for those services.
