Discovering a breach where ePHI has been stolen certainly falls into the ‘not a good day at work’ category. It can be catastrophic for some, especially if the compromise occurred months ago and wasn’t detected, or if a third party discovered the breach for you. That occurs more often than we think: 47-51% from 2010 – 2012, based on the Ponemon Institute’s 3rd Annual Benchmark Study on Patient Privacy and Data Security.

On our list of 9 HIPAA Network Considerations, we are onto topic #8, Breach discovery times: know your discovery tolerance.

  1. HIPAA Audits will continue
  2. The HIPAA Audit Protocol and NIST 800-66 are your best preparation
  3. Knowledge is a powerful weapon―know where your PHI is
  4. Ignorance is not bliss
  5. Risk Assessment drives your baseline
  6. Risk Management is continuous
  7. Security best practices are essential
  8. Breach discovery times: know your discovery tolerance
  9. Your business associate(s) must be tracked

According to the 2013 Verizon Data Breach Investigations Report, two-thirds of the compromises were not discovered for months, or longer. What is your tolerance for “not knowing?” Can that discovery time tolerance be justified through reasonable due diligence, or are you back at the “ignorance is bliss” phase (blog #4), which could be interpreted as Willful Neglect in the case of a breach of PHI?

Source: Verizon 2013 Data Breach Investigations Report

Detection of strange behavior, network anomalies, and network traffic spikes targeted at specific device(s) can all help to reduce the time between compromise and discovery of a breach of PHI in the network. Reducing your discovery time could potentially reduce your breach notification costs, penalties, and remediation costs. The security best practices you put in place should focus on BOTH prevention of theft AND detection of compromise, so that you can remediate the vulnerability as quickly as possible.

Recommendation: Determine your discovery time tolerance and identify steps to reduce your compromise-to-discovery times.
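One way to detect the traffic spikes targeted at specific devices mentioned above, as an added example that is not from the original post or from any Cisco product: each device's hourly inbound byte count is compared against a robust baseline (median plus scaled median absolute deviation) built from its own earlier hours. The flow records, addresses, and the `min_history` and `k` settings are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (hour index, destination device, bytes sent to it).
# 10.0.5.20 stands in for a server holding ePHI; all values are invented.
FLOWS = (
    [(h, "10.0.5.20", 40_000 + 1_000 * (h % 3)) for h in range(12)]
    + [(12, "10.0.5.20", 900_000)]  # sudden burst aimed at one device
    + [(h, "10.0.5.31", 5_000 + 500 * (h % 2)) for h in range(13)]
)

def hourly_totals(flows):
    """Sum bytes per destination per hour."""
    totals = defaultdict(lambda: defaultdict(int))
    for hour, dst, nbytes in flows:
        totals[dst][hour] += nbytes
    return totals

def find_spikes(flows, min_history=6, k=6.0):
    """Flag hours where a device's inbound bytes exceed median + k * spread
    of its own earlier hours. Returns (dst, hour, bytes, threshold) tuples."""
    spikes = []
    for dst, per_hour in hourly_totals(flows).items():
        hours = sorted(per_hour)
        for i, hour in enumerate(hours):
            history = [per_hour[h] for h in hours[:i]]
            if len(history) < min_history:
                continue  # not enough baseline for this device yet
            med = median(history)
            mad = median(abs(v - med) for v in history)
            # 1.4826 scales MAD to a standard deviation for normal data.
            # Floor the spread at 5% of the median so a perfectly flat
            # baseline does not alert on small fluctuations.
            spread = max(1.4826 * mad, 0.05 * med)
            threshold = med + k * spread
            if per_hour[hour] > threshold:
                spikes.append((dst, hour, per_hour[hour], round(threshold)))
    return spikes

if __name__ == "__main__":
    for dst, hour, nbytes, threshold in find_spikes(FLOWS):
        print(f"spike: {dst} hour={hour} bytes={nbytes} threshold={threshold}")
```

Because the baseline uses the median rather than the mean, an earlier spike does not inflate the threshold for later hours on the same device.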

Cisco’s Compliance Solutions teams focus on helping customers simplify meeting mandated compliance requirements. To learn more about Cisco® compliance solutions, please visit http://www.cisco.com/go/compliance. Cisco Cyber Threat Defense solutions help you to discover, analyze and remediate breaches more quickly and effectively. To learn more, please visit http://www.cisco.com/go/threatdefense


Terri Quinn

Security Solutions Manager

Security Technology Group