Have you tested your breach response process?

Posted by Gerry Blass

Healthcare Organizations are Under Attack!

Healthcare organizations are officially under attack and the industry is aware that it is not a matter of “if”, but a matter of “when” a breach will occur.  You must understand your organization’s breach response process.

Recent headlines show that both the value and the vulnerabilities of networks and electronic health information are high. Increased attacks and breaches have led to the highest concerns about healthcare information privacy and security since the late 1990s. Some of the largest and smallest healthcare organizations and business associates have been hit by ransomware, phishing attacks, etc., resulting in breaches of all sizes, class action lawsuits, significant penalties, and reputational harm. In addition, breaches lead to government audits, and any findings of willful neglect in conducting key risk assessments and mitigation can be very costly.

Cybersecurity Tactical Simulation Is a Must

Setting aside all other risks to protected health information (PHI), which should be covered under your information security risk assessment, there is now a need to conduct a cybersecurity tactical simulation to understand your breach response. Similar in concept to a tabletop disaster recovery / business continuity test, a cybersecurity tactical simulation helps organizations safely analyze their ability and readiness to respond to cybersecurity incidents, evaluate the maturity of their plans, determine whether their teams have the appropriate tools and skills, and determine whether their systems are able to withstand cybersecurity attacks.

Conduct Realistic Cybersecurity Exercises

Covered Entities (CEs) and Business Associates (BAs) should consider hiring an expert to conduct the first and potentially ongoing simulations based on the very latest cybersecurity intelligence. We have vetted a number of companies in this space, including one that examines intelligence from its worldwide sensor network, which is deployed in over 120 countries today and growing. This means that your organization is exposed to the most realistic cybersecurity incidents possible in order to simulate a proper response and make necessary adjustments to policies and procedures.


Adding a cybersecurity tactical simulation test to an overall information security risk assessment is a must in today’s world. It is a sure bet that attacks and breaches will continue to occur, so functional assessments, mitigation, awareness and response are key to protecting your organization’s confidential information.

About ComplyAssistant

ComplyAssistant provides healthcare cybersecurity services and healthcare compliance software solutions. The software is a compliance management cloud portal that provides guidance, organization and collaboration alerts and notifications for more effective management and documentation of healthcare compliance activities.

About the Author

Gerry Blass is President & CEO of ComplyAssistant. Gerry was recently elected to the New Jersey HIMSS Board of Directors, and heads up the Security, Privacy and Compliance Task Force. You can call Gerry at 800-609-3414 Ext.700, or email him at gerry@complyassistant.com.
