10. WHAT IS THE TOTAL COST OF BREACH?
What does a breach cost these days?
• Learning of breach (patient, 3rd party, internal investigation, news)
• Repairing breach ($17 million total for BCBS-TN)
• Cost of investigation (people, time, equipment; external
investigators; forensics; legal discovery)
• Notifications (those potentially affected, L/S/F authorities)
• Remediation
• Ongoing prevention (monitoring, upgrades, training, audits,
assessments) – cost to prevent vs. risk/cost of exploitation
• Cyber liability insurance (tens of thousands $/year)
• Fines & settlement ($1.5 million for HITECH breaches, AG settlements)
• Class action claims ($1,000 per patient in California)
• Legal fees (pay even if you “win”)
• Balance Sheet and Income Statement
• Intangible/loss of market goodwill ($ M’s)
• Loss of customers/revenues ($ ???’s)
• Impact on patients
• Loss of trust
• Human cost - permanent effects upon lives and livelihoods
11. AND HERE THEY ARE: OUR SECURITY PANELISTS
Opening Remarks – the Panelists
• Gina Bianco-Perez: President, Advances In Management
• Peter Alterman: Senior Advisor to NIH CIO for Strategic
Initiatives
• Ross Roberts – Information Assurance PM (IAPM) and HIPAA
Security Officer for the U.S. Army Medical Command
(MEDCOM) and Office of The Surgeon General
• Mick Talley – SEMHIE Director, Treasurer, and Program
Manager for SSA E-Disability E-Filing contract
• Randy Frank – Internet2 Sr Dir. New Business Development
12. DURING THIS PART WE CAN DISAGREE!
Challenge 1: What is the worst aspect of a security breach?
Challenge 2: What do you think are the three single most
important issues in IT security today?
Challenge 3: What emerging trends do you see in IT security
that keep you awake at night?
Challenge 4: Standards, standards everywhere. But HOW?
Challenge 5: Testing before production? In health care?
Challenge 6: What are the business models for security in HIT?
Panel Challenges – 10-15 minutes
13. DURING THIS PART WE HAVE TO BE NICE TO EACH OTHER
Audience Questions – 10-15 minutes
Rules:
1. If your initials are called, please be prepared to clarify your
question for the panel
2. If you disagree with the panel’s response to your question
or want to add to their response you may have one minute
for rebuttal after the panelists answer your question
3. Please be nice until the break!
14. WE SINCERELY APPRECIATE YOUR TIME AND ATTENTION
CLOSING and THANK YOU
Security: It is no laughing matter, but we hope you had fun and learned
something today
If you have additional comments or suggestions, please email them to
security@mihin.org
For positive comments about this panel session, please email my boss, Tim
Pletcher, pletcher@mihin.org
For complaints about this panel, please email
customerservice@yahoo.com
Thank you for your time and attention!
Jeff Livesay, livesay@mihin.org