Preventing Third Party Data Breaches

HOW TO STOP DATA BREACHES FROM RUINING YOUR BUSINESS

Cleaning Up a Data Breach Costs a Lot of Money and Can Wreck Your Company's Reputation.

In 2016, the average total cost per data breach reached $4 million. That's a 29% increase since 2013!

But, data breach costs greatly vary by industry. From 2015-2016, the average global cost of a data breach per lost or stolen record rose from $154 to $158.

- Healthcare: $355
- Education: $246
- Transportation: $129
- Research: $112
- Public Sector: $80

63% of all data breaches are traced back to a third-party vendor or contractor.

These high-profile companies and institutions have all experienced data breaches traced to third-party vendors: IRS (Department of the Treasury), Target, Acer, Wendy's, dōTERRA, Equifax.

WANT TO STAY AWAY FROM A WORST-CASE-SCENARIO DATA BREACH DUE TO A THIRD-PARTY VENDOR?

Utilizing security tech tools preemptively has shown a $3 million reduction in the cost effects of cyber crime.

Follow Security Protocols to Reduce Losing Money and Reputation

- Mitigate security risks by choosing to work exclusively with certified vendors
- Have protocols in place for what information your vendors can access

Most expensive consequences of cyber crime:

- Information loss or theft
- Business disruption

HOW CAN YOU MAKE SURE TO KEEP YOUR CUSTOMERS SAFE?
Look for Third-Party Vendors with these Verifiable Certifications from Major Organizations That You Can Trust

HITRUST: Health Information Trust
Not-for-profit organization that develops protocols for handling sensitive health information and trains and certifies other companies on doing so.

AICPA SOC: American Institute of CPAs Service Organization Controls
Establishes rules for handling financial records and information, including by third-party vendors.

NIST: National Institute of Standards and Technology
Sets standards for measuring scientific data and standards for technology use that improve security and enhance our quality of life.

ISO 9001: International Standards Organization - Quality Management
Independent non-governmental organization which governs 164 different standards bodies. 9001 states standards for customer service quality and risk assessment regardless of organization type.

HIPAA COMPLIANCE IS CRITICAL FOR HEALTHCARE CLIENTS

HEALTHCARE DATA HAS SPECIFIC SECURITY REQUIREMENTS

Health Insurance Portability and Accountability Act (HIPAA):

- Provides data privacy and security provisions for safeguarding medical information
- Requires any potential data breaches to be treated as data breaches until proven otherwise
- All businesses who have access to protected health information (PHI) must comply with HIPAA
- Many companies lack resources or procedures for verifying third-party HIPAA compliance

AS YOU OUTSOURCE CRITICAL SERVICES, HOW CAN YOU TRUST A THIRD-PARTY VENDOR TO BE COMPLIANT? DO THE LEG WORK AND VERIFY THEIR CERTIFICATIONS!

Third-Parties Can Handle Everything: Billing, Printing, Mailers, and More!

BILLING AND PAYMENTS
- Medical, utilities, payroll, etc., take a lot of time
- 95% of physicians believe outsourcing billing is the way to go

OUTSOURCING PRINTING
- Saves companies on infrastructure costs
- Bills, appointment reminders, and marketing mailers have to be printed

DIRECT MAIL
- Using direct mail is often the most reliable way to get responses, but few businesses can do this efficiently on their own
- 70-80% of consumers report opening almost all of their mail
- 79% of consumers will act on mail immediately compared to 45% with emails

Security Concerns to Watch for with Third-Party Billing Payments, Printing, and Outsourcing.

BILLING AND PAYMENTS
- Financial data loss
- Customer info
- HIPAA
- Sensitive medical information

PRINTING AND MAILERS
- HIPAA
- Patient reminders
- Marketing materials
- Customer info
- EOBs (Explanation of benefits)

shared by NowSourcing on Jun 29
Third party vendors are the single largest source for data breaches within an organization. Make sure your vendors are trustworthy and certified!

Publisher: United Mail
Designer: NowSourcing
Category: Business