Cost of a Breach: Forensics and Notification

Staff Writer | Protenus | August 17, 2016

Continuing our Cost of a Breach series that examines and breaks down the cost of a hospital data breach, this week’s post will take a closer look at the first two steps a hospital or healthcare institution must take after a data breach has occurred: forensics and notification. In the aftermath of a data breach, the first thing a healthcare organization must do is determine what electronic health records (EHRs) were illegitimately accessed and who accessed them; this process is known as data forensics. Once the scope of the breach is known, an institution must then notify any affected patients and provide them with specific support services.

Forensic investigations are expensive and time-consuming, but HHS has put strict deadlines on how long healthcare institutions can wait before notifying affected patients. Thus, it is crucial for those institutions to be able to conduct an accurate forensic investigation as quickly as possible so they can create a complete picture of the incident and notify only those patients whose records were actually breached. This is where a proactive privacy monitoring platform makes life easier. For additional insight into seven ways the cost of a breach can affect your institution, download our Cost of a Breach: A Business Case for Predictive Privacy Analytics White Paper.

Put simply, forensics is the process of determining what happened during a breach. A forensic investigation looks at what data was breached, who obtained the data, and whether that data was actually acquired or viewed. This information is then turned into a report that concludes whether a breach occurred, as well as which records were affected. Thus, forensic analysts require a large amount of data to conduct a proper investigation. They need a log of every user access in order to determine who accessed the records illegitimately. They will also need to examine the records themselves so they can determine if the records were actually breached. Oftentimes, this means bringing in outside experts to help an organization put together the forensic report...