Helpful Tools for Managing Cyber Risks
by Kathy Everitt
Wednesday, October 04, 2017
Quite frequently, we hear about data breaches and cyber-attacks. When it comes to cyber events, security incidents and data breaches are two very different things. Learn the difference between security incidents and data breaches to understand how to respond appropriately to each one.
A security incident, as defined by HIPAA, is “an attempted or unsuccessful unauthorized access, use, disclosure, modification or destruction of information or interference with operation system of an information system.” An example of a security incident is a computer virus. Whether or not that incident constitutes a breach must be determined.
A data breach is when protected health information (PHI) has been viewed, released, stolen or used by an unauthorized individual. An example of a data breach is when the attempt at accessing PHI is successful, such as the Advantage Dental data breach.
Keep in mind that your business associates are also obligated to report security incidents, both successful and unsuccessful events, to you. That is why it is important to have HIPAA-compliant Business Associate Agreements in place for all vendors/business associates who might have access to patient PHI.
Having cyber insurance coverage to protect patients’ health information is as important as having security processes in place to reduce risks, identify vulnerabilities and mitigate losses. The Office of Civil Rights (OCR) has created helpful tools to assist you in further understanding and preparing your practice for a security incident and/or a data breach. Some of the helpful tools include:
Cyber Attack Quick-Response Checklist
Cyber Attack Quick-Response Guide Infographic
Ransomware and HIPAA Fact Sheet
For assistance with a cyber security insurance policy, contact PSIC today.