Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015


Transcription:


Overview
The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach
The Slippery Slope of Data: Where Are The Vulnerabilities?
Why Do Hackers Want Data? Because That's Where The Money Is...
Information Governance: What Do You Have And How Do You Protect It?
Risk Mitigation And Insurance
Pulling It All Together
When The Worst Happens: The Data Breach Response

The Legal Framework
Pre-Breach Risk Management: statutory and contractual requirements, best practices
The Post-Breach Legal Landscape
Consumer and Employee Class Actions
B2B Litigation
Regulatory Investigations, Enforcement Actions, and Penalties
The Role of Legal Counsel

Risk Management, Privacy and Data Security
Website Review and Audit Privacy Policy Gap Analysis Geolocation and Consumer Information Collection Advice Review of Digital Media Policies Review for COPPA, VPPA, HIPAA/HITECH Privacy Review of Mobile apps Data Compliance and Counseling Security Privacy and network policy security development and review Incident response Gap analysis and audit review of policies and practices Legal advice on compliance with HIPAA/HITECH Litigation Defense Insurance Coverage Crisis Management Litigation Avoidance Class Action Defense Coverage Defense Analysis of applicable notice obligations Risk Management Information Governance Coordination of Privacy and Data Security Policies Compliance with state and federal regulations Advice on policy development and implementation Advice on Board recommendations Federal cyberrisk business development Advocacy and public policy
Contact: Donna L. Wilson, DLWilson@manatt.com, 310.312.4144, P&DS Webpage

Information Security & Privacy Exposures
Privacy Exposure
Wrongful Use
Wrongful Collection
Physical Theft of Sensitive Info
Electronic Accidental Disclosure
Non-Electronic Accidental Disclosure
Information Security Exposure
Cyber Attacks

Cyber Breaches
75% of breaches reported were due to human error/negligence.
Mobile Device Breach
Laptop thefts controlled by two healthcare organizations led to an investigation by the Office for Civil Rights. It was discovered that not all devices containing PHI were encrypted. It was also discovered that one of the organizations failed to comply with numerous HIPAA requirements for several years. Both organizations were required to pay a monetary settlement and required to implement a corrective action plan that included providing status updates to HHS.
Total paid = $2M

Cyber Breaches (cont'd)
75% of breaches reported were due to human error/negligence.
Hacking Breach
A cyber terrorist group hacked into a company's network, accessing over 100 million customer accounts, including customer usernames and passwords, credit card numbers and expiration dates. Sixty-five suits were filed in the United States. There were also federal, state, and international investigations.
Total paid = expected to be over $150M

Cyber Breaches (cont'd)
75% of breaches reported were due to human error/negligence.
Paper Breach
Over 5,000 medical records were left unattended on the driveway of a physician's home. The Office for Civil Rights investigated and the hospital was required to adopt a corrective action plan to address deficiencies in its HIPAA compliance program to include employee training.
Total paid = $800K

"Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue." (NACD Cyber-Risk Oversight Handbook)

What Proactive Steps Can I Take To Protect Sensitive Information?

What Keeps CIOs Up at Night?
[Chart. N=1587. Source: Ponemon Research, May 2014]

What's The Most Common Type of Breach?
[Chart: Breach Types, 2007 through 2013 (4215 breaches)]

Looking Inside Business Practices
[Diagram labels: Business Processes; What; Where; Sensitivity; Retention]

Looking Inside Business Practices
[Diagram labels: Business Processes; Records Inventory; What; Where; Sensitivity; Retention]

What Do You Have?
Accident/Incident Records
Advertising Records
Benefit Records
Budget Records
Contracts & Agreements
Coupon Records
Credit Approvals
Customer Information
Customer Orders
Employee Medical Files
Gift Card Functions
Payment Records
Sales Receipts

Where Is It?

What Are the Requirements?
Column headings: Business Needs; Sensitivity; Requirements
Data categories: Corporate Sensitive; PII; Customer Data; Intellectual Property; Bio Metric; Patient Health Info.; Personal Financial Sensitive
Requirements: EU, DOL, FSMA, GLB, HIPAA, OSHA, PCI, SEC, State Privacy Laws

How Can Cyber Insurance Provide a Risk Management Solution?

Evaluate loss prevention.
Incident response plan.
Breach resolution team.

When The Worst Happens...
The Role of Legal Counsel: Data Breach Coach
[Diagram labels: Forensics; PR; Litigation; Risk Identification and Management; Risk Transfer Insurance; Notification; Litigation; Enforcement]

Final Thoughts

Rebecca Perry, Jordan Lawrence, rperry@jordanlawrence.com
Liz Wittenberg, AIG, Liz.Wittenberg@aig.com
Donna Wilson, Manatt, Phelps & Phillips, LLP, DLWilson@manatt.com