Kroll Cyber Security Blog – A Dialogue on Data Security

Edwards Wildman Palmer, LLP, Kroll Advisory Solutions and Advize invite you to attend The HIPAA Final Rule Rules: Impact on Privacy, Security, Breach Notification and Enforcement. This seminar will take place Wednesday, June 26 at the offices of Edwards Wildman Palmer LLP. A breakfast and networking session will be held prior to the seminar from 8:00 a.m. to 8:30 a.m. with the seminar immediately following, from 8:30 a.m. to 10:00 a.m.

The seminar will focus on the following topics:

• HIPAA Omnibus Final Rule Privacy Changes
• Business Associate Changes
• Data Breach Response
• Omnibus Final Rule Enforcement Provisions

A recent Chicago Tribune article, titled “Data breaches persist despite heightened security,” brings to the forefront the persistent and growing problems resulting from data breach. While the article focuses specifically on breaches that have hit the Chicago area, the themes presented here are ones that are echoed – and in some cases, accelerating – across the country:

• Despite increasing awareness of the need for cyber security, data breaches continue to make headlines.
• Aggregated data, increased connectivity, and convenience of mobile devices all contribute to the ease with which data can be accessed electronically.

Big Data is certainly a hot topic and a common buzz word in today’s privacy conversation. Often overlooked is the cyber security component. Global corporations with siloed business units own very valuable consumer data that’s been captured over the last several years. These organizations are just starting to act on aggregating and mapping this data for market purposes. As companies reach across business units and leverage their untapped assets, as this article addresses, many new opportunities will arise. With an increase in federal regulations and global efforts aimed at improving privacy controls, there will be a growing need for data privacy and security lawyers, IT Security professionals, Incident Response investigators and possibly even data breach notification providers. I recommend this quick read, written by Maria Sendra from Jones Day, “Untapped ‘Big Data’ could be wellspring of opportunity.” It provides a good overview of the buzz over Big Data and related cyber security issues.

On January 25, 2013, the Department of Health and Human Services (HHS) issued the HIPAA Omnibus Final Rule to modify HIPAA Privacy, Security, and Enforcement Rule pursuant to the HITECH Act, extending certain provisions of the HIPAA Privacy Rule and adoption of the Security Rule to Business Associates (BAs) – including subcontractors who qualify as BAs.

Chief among the HIPAA privacy and security requirements of BAs and subcontractors is a required risk analysis to assess potential risks and vulnerabilities to Protected Health Information (PHI):

If you haven’t had a chance to do so, be sure to download this latest whitepaper available on the Kroll website. Authored by Michael DuBose, managing director and Cyber Investigations practice leader at Kroll, the piece examines the prevalence of insider threat, provides examples of high-profile cases, and discusses steps to reduce the risk from insider cyber threat.

The media has been saturated in recent months with news articles of Chinese hackers gaining access to U.S. corporate and government networks, carrying ominous warnings about the Chinese hacking menace and the threat it presents to U.S. business.