TRENDING:

The Security Scrutinizer with Howard Anderson

Breach Case Study Offers Helpful Tips

Real-World Experiences Highlight Prevention Needs Howard Anderson (ismg_editor) • January 20, 2012    

Micky Tripathi is providing a great service to the healthcare industry by sharing all the blow-by-blow details of his organization's experience with a relatively small breach. His breach resolution tale of woe, including documentation of nearly $300,000 in expenses, is powerful testimony to the need for stepped-up breach prevention.

See Also: ISO/IEC 27001: The Cybersecurity Swiss Army Knife for Info Guardians

In an interview, Tripathi, CEO of the Massachusetts eHealth Collaborative, outlines eight important lessons learned in the aftermath of a breach stemming from the theft of an unencrypted laptop (see: Breach Resolution: 8 Lessons Learned). Of course, he's a strong advocate for making sure that an encryption policy is carried out and staff members receive adequate security training.

But his experience shines a spotlight on a very important message: Do not underestimate how difficult it is to respond to and remediate a breach.

In a lengthy recent blog, Tripathi outlines every component of his breach resolution experience, including the difficulty in determining just how to comply with state and federal regulations.

Taking Responsibility

In our interview, he also is refreshingly frank about the need to take responsibility for actions as an organization and as a leadership team.

The laptop incident "was a mistake by a person who violated company policy," he notes. "But on the other hand, they probably didn't have enough education and training, and they probably didn't have enough tools to do their job securely."

That self-assessment led Massachusetts eHealth Collaborative to take a fresh approach to security. And that's an example that others should follow.

Tripathi deserves credit for being so open about his post-breach experience. Listening to the interview, and reading his blog, will be an eye-opening experience for many.

We all know that breach resolution is difficult and costly. But Tripathi's tale spells out just how challenging it is to deal with the aftermath of a breach.

If more business associates and covered entities that have experienced breaches shared the lessons they've learned, I believe we'd see a decline in breaches. Thank you, Micky Tripathi, for sharing your story.



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.