The Security Scrutinizer with Howard Anderson

Breach Case Study Offers Helpful Tips

Real-World Experiences Highlight Prevention Needs

Micky Tripathi is providing a great service to the healthcare industry by sharing all the blow-by-blow details of his organization's experience with a relatively small breach. His breach resolution tale of woe, including documentation of nearly $300,000 in expenses, is powerful testimony to the need for stepped-up breach prevention.

See Also: Entering the Era of Generative AI-Enabled Security

In an interview, Tripathi, CEO of the Massachusetts eHealth Collaborative, outlines eight important lessons learned in the aftermath of a breach stemming from the theft of an unencrypted laptop (see: Breach Resolution: 8 Lessons Learned). Of course, he's a strong advocate for making sure that an encryption policy is carried out and staff members receive adequate security training.

If more business associates and covered entities that have experienced breaches shared the lessons they've learned, I believe we'd see a decline in breaches. 

But his experience shines a spotlight on a very important message: Do not underestimate how difficult it is to respond to and remediate a breach.

In a lengthy recent blog, Tripathi outlines every component of his breach resolution experience, including the difficulty in determining just how to comply with state and federal regulations.

Taking Responsibility

In our interview, he also is refreshingly frank about the need to take responsibility for actions as an organization and as a leadership team.

The laptop incident "was a mistake by a person who violated company policy," he notes. "But on the other hand, they probably didn't have enough education and training, and they probably didn't have enough tools to do their job securely."

That self-assessment led Massachusetts eHealth Collaborative to take a fresh approach to security. And that's an example that others should follow.

Tripathi deserves credit for being so open about his post-breach experience. Listening to the interview, and reading his blog, will be an eye-opening experience for many.

We all know that breach resolution is difficult and costly. But Tripathi's tale spells out just how challenging it is to deal with the aftermath of a breach.

If more business associates and covered entities that have experienced breaches shared the lessons they've learned, I believe we'd see a decline in breaches. Thank you, Micky Tripathi, for sharing your story.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.