Breach? Compromise? A Risk Assessment is Key!

Right now in the media, you hear plenty about breaches. But what really is a breach, and what is the aftermath in a dental office? According to the HHS, “A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.” A breach is where someone gains access to data that does not belong to them or that they should not have access to.

There are two terms we need to understand. One is a Breach, and the other is a Compromise. That difference could save you and your practice. A Breach means the information has been accessed, or the access to information, such as a password, has been taken or used without permission. A Compromise is where the data has been taken, viewed or used without permission. Think of the Breach as opening the vault door; the Compromise is when the gold has been stolen!

Here’s the difference between the two. In a Compromise, you have to disclose or tell customers about what data was compromised. On the other hand, you can recover quietly from a Breach… and make important changes to your office processes! You can see the full definition and notification requirements here on the HHS website: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html#:~:text=These%20individual%20notifications%20must%20be,the%20relationship%20with%20the%20individual

So how do you determine if you have had a Breach or a Compromise? You hire cybersecurity professionals who specialize in Incident Response, or IR, and they come in to perform forensics. They follow the clues and help prove or disprove that data was taken. These IR professionals work with insurance providers, cybersecurity firms, and even the FBI to help create or dismiss each case. When you have a breach, they are among the first people you should call to help you through what will be a trying and expensive time. The caveat… they can cost upward of $30,000 per incident.

What is the alternative if you do not use IR? If you have had a breach, then the HHS requires you to notify all customers that you have had a compromise unless you have proof that you have not. Going that route may cost you even more than the $30,000 for IR!

Do these numbers surprise you? We have a blog coming out next month on the actual cost of a recent attack.

So how do you protect yourself and your business? Reach out to us today to perform a Risk Assessment. We will walk you through prevention processes and your options, including what you are required to do by law! We have helped many dental offices set up a plan, and we can help you too!
