Pirates of the PHI: Identifying & Responding to a Cyber Attack According to HIPAA Best Practices | Sessions
Cyber crime is costly, and its effects can permeate an organization for years following an attempted or successful cyber attack. Employee benefit plans are particularly at risk for certain types of cyber crime, due to their large transactional volumes and the relative value of their portfolio of assets, both in the retirement and health and welfare contexts. While almost no defensive strategy will make an employer perfectly impermeable, there are proactive steps an employer can take to mitigate the opportunity for, and the effects of, cyber crime. The Health Insurance Portability & Accountability Act ("HIPAA"), along with other privacy-related laws and regulations, offers a roadmap for building an employer's cyber defensive strategy. In this program, participants will learn methodologies used to analyze and respond to an attempted or successful cyber attack according to HIPAA best practices.
- Understand the four primary rules espoused under the law of HIPAA that coalesce to create an employer's cyber crime defensive strategies;
- Understand the prevalence and opportunity for cyber crime directed at private organizations, particularly respecting human resources operations and employee benefit plan administration activities;
- Understand and apply the principles of HIPAA respecting risk evaluation and risk mitigation opportunities, both as responsive and proactive tactics to mitigate cyber crime activities;
- Understand and prepare the required participant, federal secretary, media, and workforce notices of breach that arise when protected health information is compromised as the consequence of a successful cyber crime attack or campaign of attack; and,
- Develop and implement organizational contingency plans to respond to, and to proactively mitigate, the effects of cyber crime activities.