Preparing Your Cybersecurity Breach Response

by Colin Konschak and Shane Danaher


If you’re in healthcare, your organization is an especially attractive cybercrime target because of the value of the sensitive information you are trying to safeguard, and how lax cybersecurity generally is in your industry. Recent studies show your costs of being successfully targeted are rising, not falling as they are in other industries. In addition to being in the healthcare sector, your location is also a factor in the high cost of breach response. Doing business in the United States means you are located where notification and post-data breach response costs are the highest in the world. (Ponemon Institute, 2017)

A major reason for these high costs is that the healthcare industry is highly regulated and under a great deal of scrutiny, especially when it comes to safeguarding personally identifiable information (PII) and protected health information (PHI). In a previous whitepaper in this 10-part series on cybersecurity, titled “HIPAA and the Intersection of Cybersecurity in Healthcare,” we detailed the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and other federal regulations that govern protection of sensitive information. We also detailed the compliance responsibilities of covered entities and their business associates under HIPAA’s Privacy and Security Rules and the Breach Notification Rule.

In preparing for a cybersecurity breach, which leaders in the healthcare industry should treat as inevitable, organizations must consider not only federal regulations but state data breach laws as well. While federal law generally pre-empts state laws that are less stringent, covered entities must comply with state breach notification laws to the extent that those laws exceed the notification requirements in HIPAA. Because of the myriad state laws and requirements, a security incident that does not constitute a breach under HIPAA may still be a breach requiring notification under state law.

In this whitepaper, we focus on ways to help ensure your organization has a well-developed plan to respond quickly and effectively to a cybersecurity breach involving the theft or ransom of sensitive information.


About Divurgent

Divurgent is a leading healthcare IT consulting firm and EHR specialist. Since 2007, we’ve led more than 700 projects across the US and Canada, drawing from a team of over 22,000 experienced subject matter experts. As a 100% privately-owned company, we’re accountable only to our clients, ensuring they achieve measurable improvements in patient care and organizational performance.

At Divurgent, we’re dedicated to helping organizations achieve their vision through innovative solutions and exceptional service. We collaborate closely with our clients to deliver tailored solutions that drive success in an ever-evolving healthcare landscape, from EHR implementation and go-lives to managed services, analytics, talent augmentation, and digital strategy. With decades of combined healthcare experience on both sides of the table, our team has overcome the challenges faced by our clients and helped them get the most out of their investments in healthcare technology.