Overview
Cybersecurity risk assessments are the cornerstone of cybersecurity preparedness. They help organizations identify the threats and vulnerabilities that affect their data and systems, and reduce the likelihood and impact of a data breach.
A breach of personal data or theft of proprietary technology can cause irreparable reputational harm, legal liability, and financial loss, and can significantly disrupt operations. Health care, technology, and financial services companies should therefore routinely assess the cybersecurity and data privacy risks associated with the data they collect and the platforms on which they hold it.
Cybersecurity risk assessments make good business sense and are often required by law. For example, financial institutions subject to the Gramm-Leach-Bliley Act (GLBA), covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and organizations subject to the European Union’s General Data Protection Regulation (GDPR) must assess risk (under the GDPR, by implementing security measures appropriate to the risk and, for high-risk processing, by conducting a data protection impact assessment). Many state laws also require organizations that manage personal data to perform cybersecurity risk assessments.
Epstein Becker Green’s Data Privacy, Cybersecurity, and Data Asset Management Group, whose credentialed privacy and cybersecurity attorneys combine privacy expertise with hands-on cybersecurity experience, regularly assists clients across a broad range of industries, including financial services firms, law firms, health care providers, and technology companies, in assessing their cybersecurity threats and risks.
Who We Are
Our Data Privacy, Cybersecurity, and Data Asset Management Group is made up of attorneys with a diverse spectrum of certifications and qualifications, including:
- Certified CSF Practitioners by HITRUST
- Certified Information Systems Security Professionals (CISSP) by the International Information Systems Security Certification Consortium (see www.isc2.org)
- Certified Professionals in Healthcare Information and Management Services (CPHIMS) by the Healthcare Information and Management Systems Society (HIMSS)
- Certified Ethical Hacker (CEH) by EC-Council
- Certified Information Privacy Professionals (CIPP) by the International Association of Privacy Professionals (IAPP)
Team members have served in high-level cybersecurity and data privacy positions with the Centers for Medicare & Medicaid Services and the National Security Agency and as Chief Information Security and Compliance Officers in health care and private organizations.
Our attorneys are committed to protecting our clients, who face constant cyber threats from external attackers, malicious or negligent insiders, and other threat actors. Our attorneys are thought leaders in anticipating cyberattacks and in designing effective strategies to prevent, detect, and respond to them. We partner with our clients to protect all of their sensitive data, including personal data, proprietary data, emerging technologies, and trade secrets. We are experienced in translating regulatory standards that require reasonable and effective cybersecurity measures into practical solutions and programs that fit the client’s risk profile and operational needs.
Our Services
Our cybersecurity risk assessments are designed to analyze how clients collect, use, and protect the personal and business information of employees, clients, customers, patients, and vendors. We help clients uncover cybersecurity weaknesses in order to mitigate risks in a practical and legally compliant manner. In addition, our cybersecurity risk assessments are protected by the attorney-client privilege to the fullest extent permitted by law.
Specifically, our cybersecurity risk assessment follows these eight steps:
- Inventory the client’s data and the network safeguards that protect it
- Review data privacy policies and information practices
- Draft and revise policies, procedures, and training materials to meet legal and compliance standards
- Assess the effectiveness of internal auditing procedures, risk reporting, and enforcement activities
- Conduct contractual and vendor due diligence and management
- Pinpoint weaknesses and compliance gaps that may lead to legal and strategic risks, and recommend compliance requirements and strategies to better protect the client’s data, networks, and systems
- Conduct formalized insider threat risk assessments, and develop insider threat programs
- Conduct workforce security training
HIPAA Risk Assessments
The HIPAA Security Rule (45 CFR § 164.308(a)(1)(ii)(A)) requires all HIPAA-covered entities and business associates to conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic protected health information (ePHI) they hold. Our Data Privacy, Cybersecurity, and Data Asset Management Group provides effective and practical counseling on HIPAA risk analyses and guides health care clients through the formalized, well-documented risk analysis that HIPAA requires.
Our team is distinguished by its depth, judgment, and technical experience. We draw on our deep bench with the goal of putting our clients in a defensible cybersecurity posture from a compliance and practical perspective.
Our Services
We assist clients in identifying threats, assessing the risks to their systems and PHI, and implementing effective strategies to manage risks in a prioritized manner. And our risk analyses are protected by the attorney-client privilege to the fullest extent permitted by law.
Specifically, in the course of our risk analysis, we:
- provide “on the ground” advice after interviewing relevant stakeholders and evaluating information systems;
- conduct robust and well-documented assessments of administrative, physical, and technical safeguards around PHI;
- identify gaps in cybersecurity programs;
- recommend risk mitigation strategies and techniques consistent with operational goals and regulatory requirements; and
- develop effective information security programs that provide defense in depth.
After the risk analysis is completed, we remain by our clients’ side to guide them in improving their cybersecurity over time.
Insights
- Blogs: New York Aims to Bolster Hospital Cybersecurity with Imminent Release of Proposed Regulations (3 minute read)
- Media Coverage: Alaap Shah Featured in “You Gotta Get the Data Right! Talking EMPI” (2 minute read)
- Media Coverage: Brian Cesaratto Quoted in “Best Practices for Detecting and Managing Fraud” (3 minute read)
- Blogs: White House Releases National Cybersecurity Strategy Implementation Plan (7 minute read)
- Media Coverage: Alaap Shah Quoted in “AI & Machine Learning Are Here. Will They Come for Lawyers?” (3 minute read)
- Publications: Twitter Whistleblower Claim Is Cautionary Tale for Employers (2 minute read)
- Publications: USA: Employee Monitoring and Regulatory Frameworks for Keylogging Technology (2 minute read)
- Media Coverage: Alaap Shah Featured in AHLA Connections Magazine: Member Spotlight (3 minute read)
- Media Coverage: Alaap Shah Quoted in "Source: FDA Guidance Takes More Nuanced Approach to Cybersecurity" (1 minute read)
- Publications: USA: Security Considerations for VPNs (2 minute read)
- Publications: USA: Privacy and Cybersecurity Considerations for Contactless Payment Solutions (4 minute read)
- Media Coverage: Robert Travisano Quoted in “Businesses Face Growing Risk of Cyberattacks, Financial Loss” (2 minute read)
- Firm Announcements: Epstein Becker Green’s Brian Cesaratto and Francesco DeLuca Named 2022 BTI Client Service All-Stars (3 minute read)
- Publications: DOJ’s Civil Cyber-Fraud Initiative: What Contractors Need to Know About Novel Use of False Claims Act (3 minute read)
- Publications: Senior Industry Leaders Need to Learn About AI (3 minute read)
- Media Coverage: The Ransomware Plague Continues, but the Response Model Is Changing (2 minute read)
- Publications: Health Cos. Must Prepare for Growing Ransomware Threat (2 minute read)
- Publications: Designing a Trusted Framework for the Application of AI in Health Care (2 minute read)