Overview
Cybersecurity risk assessments are the cornerstone of cybersecurity preparedness. They help organizations uncover cybersecurity threats and reduce the chance of a data breach.
The breach or theft of proprietary technologies can cause irreparable reputational harm, legal liability, financial loss, and significant disruption of operations. Therefore, health care, technology, and financial services companies should routinely assess their cybersecurity and data privacy risks in connection with their data collections and platforms.
Cybersecurity risk assessments make good business sense and are typically required by law. For example, organizations covered by the Gramm Leach Bliley Act, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and/or the European Union’s General Data Protection Regulation need to conduct risk assessments. Many state laws also require organizations managing personal data to perform cybersecurity risk assessments.
Epstein Becker Green’s Data Privacy, Cybersecurity & Data Asset Management Group, with its industry-leading, credentialed privacy and cybersecurity attorneys who blend their top-notch privacy know-how with cybersecurity experience, regularly assists clients across a broad range of industries, including financial service firms, law firms, health care providers, and technology companies, in assessing their cybersecurity threats and risks.
Who We Are
Our Data Privacy, Cybersecurity & Data Asset Management Group is made up of attorneys with a diverse spectrum of certifications and qualifications, including:
- Certified CSF Practitioners by HITRUST
- Certified Information Systems Security Professionals (CISSP) by the International Information Systems Security Certification Consortium (see www.isc2.org)
- Certified Professionals in Healthcare Information and Management Services (CPHIMS) by the Healthcare Information and Management Systems Society (HIMSS)
- Certified Ethical Hacker (CEH) by EC-Council
- Certified Information Privacy Professionals by the International Association of Privacy Professionals (IAPP)
Team members have served in high-level cybersecurity and data privacy positions with the Centers for Medicare & Medicaid Services and as Chief Information Security and Compliance Officers in health care and private organizations.
Our attorneys are committed to protecting our clients, who are under constant cyber threat from hackers, employees, and other malicious actors. Our attorneys are thought leaders in anticipating cyberattacks and designing effective strategies to combat and respond to these threats. We partner with our clients to protect all their sensitive data, including personal data, proprietary data, emerging technologies, and trade secrets. We are experienced in translating regulatory standards requiring reasonable and effective cybersecurity measures into practical solutions and programs consistent with risk and operational needs.
Our Services
Our cybersecurity risk assessments are designed to analyze how clients collect, use, and protect the personal and business information of employees, clients, customers, patients, and vendors. We help clients uncover cybersecurity weaknesses to mitigate risks in a practical and legally compliant manner. In addition, our cybersecurity risk assessments are protected by the attorney-client privilege to the fullest extent permitted by law.
Specifically, our cybersecurity risk assessment follows these eight steps:
- Determine client data and the network safeguards
- Review data privacy policies and information practices
- Draft and revise policies, procedures, and training materials to meet legal and compliance standards
- Assess the effectiveness of internal auditing procedures, risk reporting, and enforcement activities
- Conduct contractual and vendor due diligence and management
- Pinpoint weaknesses and compliance gaps that may lead to legal and strategic risks, and recommend compliance requirements and strategies to better protect the client’s data, networks, and systems
- Conduct formalized insider threat risk assessments, and develop insider threat programs
- Conduct workforce security training
HIPAA Risk Assessments
The HIPAA Security Rule requires all HIPAA-covered entities and business associates to conduct a risk assessment to determine where their protected health information (PHI) could be at risk. Our Data Privacy, Cybersecurity & Data Asset Management Group provides effective and practical counseling relating to HIPAA risk assessments and guides health care clients through formalized and well-documented risk analyses, as required by HIPAA.
Our team is distinguished by its depth, judgment, and technical experience. We draw on our deep bench to put our clients in a defensible cybersecurity posture from a compliance and practical perspective.
Our Services
We assist clients in identifying threats, assessing the risks to their systems and PHI, and implementing effective strategies to manage risks in a prioritized manner. And our risk analyses are protected by the attorney-client privilege to the fullest extent permitted by law.
Specifically, in the course of our risk analysis, we:
- provide “on the ground” advice after interviewing relevant stakeholders and evaluating information systems;
- conduct robust and well-documented assessments of administrative, physical, and technical safeguards around PHI;
- identify gaps in cybersecurity programs;
- recommend risk mitigation strategies and techniques consistent with operational goals and regulatory requirements; and
- Develop effective information security programs that provide an in-depth defense.
After the risk analysis is completed, we remain by our clients’ side to guide them in improving their cybersecurity over time.
Read less
Focus Areas
Industries
Trending Issues
Experience
Contacts
Member of the Firm
Member of the Firm
Media
Events
Upcoming Events
Past Events
- June 17 and 21, 2024
Insights
Insights
- Media CoverageAdam S. Forman, Frances Green, Nathaniel Glasser Quoted in “Want to Use AI for Talent Management? Here’s What to ...9 minute read
- PublicationsProposed HIPAA Security Rule Updates May Significantly Impact Covered Entities and Business Associates20 minute read
- PublicationsEmbrace the Chaos: AI Regulation in the US Remains in Flux2 minute read
- Media CoverageAdam S. Forman Quoted in “4 Tips for Using Wearable Tech Following EEOC Guidance”2 minute read
- BlogsVideo: Employment Law in 2025: A Look Ahead - Employment Law This Week4 minute read
- PublicationsUSA: Health Data Laws - State Privacy Laws Relating to Reproductive Health and to Children2 minute read
- Media CoverageLisa Pierce Reisz Quoted in “New Health Apps May Pose Challenges to Patient Privacy”3 minute read
- PublicationsUSA: Health Data Laws - Navigating State Regulations2 minute read
- PublicationsThe Challenge of AI Governance: The Blessing and the Curse of Safeguarding Personal Data15 minute read
- BlogsVideo: New DOL Guidance - ERISA Plan Cybersecurity Update - Employment Law This Week3 minute read
- BlogsDeepfakes: Why Executive Teams Should Prepare for the Cybersecurity and Fraud Risks6 minute read
- PublicationsUSA: Health Data Laws - Update and Impact on Organizations2 minute read
- BlogsPreparing for the Cybersecurity and Fraud Risks of Deepfakes: What Executive Teams Need to Know6 minute read
- BlogsWhy Executive Teams Should Prepare for the Cybersecurity and Fraud Risks of Deepfakes6 minute read
- Media CoverageBrian Cesaratto Quoted in “New Jersey Legislation to Watch: A Midyear Report”3 minute read
- Firm AnnouncementsEpstein Becker Green Again Earns ISO 27001 and 27017 Certifications, Highest Accreditation for Data Security and Client ...3 minute read
- Blogs
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
42 minute read - Media CoverageAlaap Shah Quoted in “Don’t Worry, You (Probably) Won’t Have to Deal with ONC: Algorithm Transparency Rule May Have ...2 minute read
- BlogsVideo: California's Upcoming Cyber Audit and Automated Tech Rules - Employment Law This Week2 minute read
- Media CoverageAlaap Shah Quoted in “2024 Outlook: The Cybersecurity Trends Health System Leaders Need to Know”3 minute read
- PublicationsUSA: Future of Cybersecurity Law and Regulation2 minute read
- BlogsNew York Aims to Bolster Hospital Cybersecurity with Imminent Release of Proposed Regulations3 minute read
- Media CoverageAlaap Shah Featured in “You Gotta Get the Data Right! Talking EMPI”2 minute read
- Media CoverageBrian Cesaratto Quoted in “Best Practices for Detecting and Managing Fraud”3 minute read
- BlogsWhite House Releases National Cybersecurity Strategy Implementation Plan7 minute read
- BlogsWhite House Releases National Cybersecurity Strategy Implementation Plan7 minute read
- Media CoverageAlaap Shah Quoted in “AI & Machine Learning Are Here. Will They Come for Lawyers?”3 minute read
- PublicationsTwitter Whistleblower Claim Is Cautionary Tale for Employers2 minute read
- PublicationsUSA: Employee Monitoring and Regulatory Frameworks for Keylogging Technology2 minute read
- Media Coverage
Alaap Shah Featured in AHLA Connections Magazine: Member Spotlight
3 minute read - Media CoverageAlaap Shah Quoted in "Source: FDA Guidance Takes More Nuanced Approach to Cybersecurity"1 minute read
- PublicationsUSA: Security Considerations for VPNs2 minute read
- PublicationsUSA: Privacy and Cybersecurity Considerations for Contactless Payment Solutions4 minute read
- Media CoverageRobert Travisano Quoted in “Businesses Face Growing Risk of Cyberattacks, Financial Loss”2 minute read
- Firm Announcements
Epstein Becker Green’s Brian Cesaratto and Francesco DeLuca Named 2022 BTI Client Service All-Stars
3 minute read - PublicationsDOJ’s Civil Cyber-Fraud Initiative: What Contractors Need to Know About Novel Use of False Claims Act3 minute read
- Media CoverageThe Ransomware Plague Continues, but the Response Model Is Changing2 minute read
- PublicationsHealth Cos. Must Prepare for Growing Ransomware Threat2 minute read
- PublicationsDesigning a Trusted Framework for the Application of AI in Health Care2 minute read