Cloud Breach Response Steps

CLOUD BREACH RESPONSE STEPS PATH 1 DATA SENT TO THE CLOUD WAS NOT ENCRYPTED HEALTH CARE INFO NAME: Tucker McGrath ACCOUNT NUMBER: 1296-2347-876992 Protected Health Information (PHI) was exposed. Major cost to company - fines, remedy costs and customer churn. Don't wait, act quickly! STEP 1 Once IT/Security identifies issues, they remove the threat and apply a fix 2013 vs 2014 Data Breach Survey Avg Total Costs associated with data breach = $3.5 million (15% ↑) Avg Costs paid for stolen records = $145 (9% ↑ ) Ponemon Institute, May 2014 STEP 2 IT/Security communicates breach to Executive team and BOD STEP 3 Legal advises state and federal authorities of data breach $3.5 MILLION TOTAL COST 46 states, the District of Columbia, Puerto Rico and the Virgin Islands require, by law, notification of breaches Congressional Research Service Report for Congress, 2012 The Omnibus rule for Healthcare now carries much steeper fines. First time offenders could face up to $50,000 per offense per year. Those who have multiple violations, however, can face a devastating fine of $1.5 million. U.S. Department of Health and Human Services, Federal Register, January 25, 2013 It will be.. OKAY? STEP 4 Marketing/PR: Prepare external message, vebsite updates, talking points for employees STEP 5 Customer Support: train your team on how to communicate with customers in advance of the influx of calls you will likely receive SECURITY BREACH STEP 6 Customer and Employee Communication: Notify everyone about the breach. Explain steps company is taking to rectify the situation. NEWS STEP 7 PR: Report the breach to media and analysts, then brace for the inevitable backlash CONSIDER TOKENIZATION STEP 8 Implement a preventive strategy for the future PATH 2 CLOUD DATA PROTECTION GATEWAY IN PLACE F&34!ZP Data was tokenized for encryption. Relax, Personal Healthcare Information (PHI) was not compromised. Business Impact: None That's it. You're done. Cheers! Perspecsys Making the Public Cloud Private