Network logging and the organized storage of data are vital to avoid the expensive error of over-notification when it appears that a data breach has occurred and PHI has been compromised.
That is the view of Jason Straight, managing director of cyber security experts Kroll Advisory Solutions. He says that when malware is discovered on your system it is important to allow time for computer forensics to be carried out in order to establish whether a breach has occurred, and the magnitude of the breach.
“We understand that time is tight when a breach occurs and there are regulatory deadlines but all of them will allow for some period, even if it’s just a matter of days, to carry out the investigation and do the best job you can at understanding the scope of the breach,” he said. “We encourage companies to use that time wisely.”
He adds that it is vital to plan ahead: you should have an incident response plan in place and investigators at the ready.
“Really you’re in a situation where every hour counts and if you fumble around for two or three days or a week before deciding you need to bring an investigator in you compromise your ability to do this scoping and really accurately define the scope of the breach.”
Even when a breach is indisputable, notification may not be necessary if it can be demonstrated that PHI has not been compromised. Computer forensics can help determine whether this is the case.
“We’ve certainly seen situations where a nasty piece of malware has been identified on the network but through looking at network traffic logs and firewall logs we can conclude that the malware never finished its mission – maybe it collected the stuff it was looking for and had it stored in a payload file but that payload file was never sent back out to the commanding control,” said Straight. “So in that situation there was no breach; yes, the intruders got in but they never got back out the door with anything.”
The process of computer forensics is easier and therefore much less costly if regular logging is carried out and data is stored in a well-structured manner.
“What you really don’t want is when you end up with PHI scattered across email inboxes all over the organization because then it becomes a very time consuming and therefore costly process when you have a breach to figure out who was potentially affected by this breach,” he said.
He added that it is important to understand where your sensitive data is and to limit staff’s ability to save PHI onto a laptop or mobile device.
“That information really should be in a secure location that users are able to access from a laptop or mobile device but you really want to limit the situations where that data can be stored onto a mobile device. That reduces the ways that that information can be compromised,” he said.