Criminal Cyberattacks: The No. 1 Cause of Health Care Data Breaches in 2014

May 12, 2015


A new study released on May 7, 2015, by the Ponemon Institute revealed that criminal cyberattacks on health care organizations were the most prevalent cause of data breaches in 2014. The report underscores the need to think “beyond HIPAA” and to prepare accordingly to address the risks of data breaches, which more than 90 percent of health care organizations experienced last year.

The Institute estimates that data breaches cost the health care industry $6 billion in 2014, or more than $2 million per organization. In the event of a cyberattack, liability for directors and officers of companies could arise, especially if they did not engage in adequate preparedness activities.

Cyberattacks also represent a critical, high-stakes risk for companies’ reputations—a harm that is typically not covered by insurance. The majority of organizations do not believe that their incident response plans have adequate funding and resources, and the majority fail to perform certain kinds of risk assessments.

The report makes it clear that health care breaches are on the rise, and there is significant room for improvement when preparing to avoid an otherwise inevitable breach. Companies should consider the following six key elements of an effective cybersecurity risk management program:

1. Understand what health care data are targeted and evaluate health care-specific risks.

2. Know where your data reside.

3. Ensure that security protections reviewed by regulators meet or exceed industry standards.

4. Identify third parties with access to your data, limit access scope, and address privacy and data security risks through careful contracting.

5. Mitigate risks where possible.

6. Establish and test your incident response plan with outside counsel.


© 2024 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.