Law Firm Cyber Security & Compliance Risks

Transcription:

ALA Webinar: Law Firm Cyber Security & Compliance Risks
James Harrison, CEO, INVISUS

Breach Risks & Trends
- 27.5% increase in breaches in 2014 (ITRC)
- Over 500 million personal records lost or stolen in 2014 (PRC)
- 85% of breaches are at small businesses (VISA)
- 59% of breaches caused by employees
- Shifting accountability: executives under increased scrutiny
- Third-party vulnerabilities (vendors, service providers)

How Law Firms are Doing
Law firms are in the crosshairs of hackers. Back in 2011, the U.S. government labeled New York City's 200 largest law firms "the soft underbelly" of hundreds of corporate clients.
The good news in 2015 is:
- Almost 80% of law firms consider data security and privacy a top-10 risk
Source: Marsh's 2014 Global Law Firm Cyber Survey

How Law Firms are Doing
The bad news is:
- 72% of law firms have not assessed how much a breach would cost them, given the type of data they retain
- 62% have not calculated the effective lost revenue following a breach incident
- Less than 50% said their firm was insured against this risk
Source: Marsh's 2014 Global Law Firm Cyber Survey

Increasing Pressure on Firms
Pressure from Clients:
- Clients are vetting their service providers
- Example: GMR Transcription Services was held directly liable in an FTC suit for failing to adequately verify that its law firm implemented appropriate security measures to protect personal information (Jan 2014)
- "5 years ago, we didn't have client security audits. We've had 15 so far this year." - Law firm Reed Smith

Increasing Pressure on Firms
Pressure from Clients:
- Big banks and other clients are demanding their law firms do more to protect sensitive information, [including] detailing their cybersecurity measures and onsite inspections

Increasing Pressure on Firms
Pressure from Regulators:
- HIPAA-HITECH enables direct enforcement by DHHS (OCR) over business associates of HIPAA covered entities, including law firms
- State laws: 47 states have a breach notification law; many states have minimum data security requirements; firms must consider the laws in all states where affected persons reside
- New data security regulations coming (federal, state): expanded definition of protected data, new minimum data security standards

Increasing Pressure on Firms
Pressure from Industry:
- ABA Rule 1.6 (Professional Conduct): lawyers must "make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."
- ABA Resolution 109: calls for firms to develop, implement, and maintain an appropriate cybersecurity program.

What's the Risk?
- $201 estimated cost per record lost/stolen
  - $134 direct cost for customer losses
  - $67 direct cost for customer remediation expenses
- Customer breach notification costs
- Fines and penalties
  - Up to $1.5 million for a HIPAA violation
  - State penalties can be $500+ per record exposed
- Example: 5,000 records compromised
  - $335,000 in customer remediation
  - $1 million total breach cost
Source: Ponemon Institute Study 2014

What's the Risk?
- Forensic investigation, business interruption
- Civil lawsuits
- Reputation harm / lost business

What Firms Should be Doing
Prevention & Compliance Basics

What Firms Should be Doing
1. Encourage investment in a breach prevention & compliance program.
   - Advise partners and the board on risks and liabilities
2. Assign responsibility and centralize the administration of your breach prevention & compliance program.
   - Compliance Administrator or Information Security Officer
   - All departments and functions collaborate

What Firms Should be Doing
3. Implement a complete Information Security Compliance Program.
   - Formalized Information Security Plan (policies & procedures)
   - Administrative, physical and technical safeguards
   - Risk assessments (find vulnerabilities, compliance gaps)
   - Implement updated security and privacy measures
   - Training for all personnel, ongoing
   - Assess and manage service provider relationships
   - Create an incident response plan
   - Consider cyber-liability insurance

What Firms Should be Doing
4. Audit and legal defensibility readiness.
   - Information Security & Compliance reports and documents
   - Regular program updates (keep it current)
5. Client privacy assurance.
   - Client information privacy notice
   - Client information security report
   - 3rd-party certification

Thank you! Q & A