In the wake of the recent security breaches at Anthem, it is clear that even large health companies are being attacked and need to take steps to survive a coordinated hacking effort.
Reuters has reported on the ongoing investigation into the breach, which has included states like Connecticut, Massachusetts and Illinois, where the respective Attorneys General are looking further into the aftermath of the incident. While no official evidence about the culprits has been confirmed, the source reported that some suspect involvement from China, based on previous, similar instances of cybercrime.
When a breach occurs, successful reporting helps a provider stay compliant with regulations and ensure that the government acknowledges what has taken place. The U.S. Department of Health & Human Services (HHS) and its Office for Civil Rights (OCR) feature an online submission tool for affected entities to submit notices of HIPAA violations, listed in subcategories depending on how many individuals were impacted by the breach.
It's not the only national agency to direct users to an online portal for reporting cybersecurity breaches. The FBI has, according to the Federal Times, created a similar system aimed at 58,000 companies as an extension of typical incident reports after a crime. The source quotes Richard McFeely, executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch, on the need for this tool.
"We did not have a structured way that we were collecting the information from companies that had been hacked," he said. "We did not have, really, a form that we could share with companies to make sure we were getting all the information that we needed."
Knowing that these resources exist is just a part of using them successfully: healthcare compliance consulting will assist in strengthening proper reporting procedures.