Reminder on Deadline for Reporting Small Data Breaches and Maximizing Threat Intelligence

The deadline for reporting healthcare data breaches of fewer than 500 records is approaching. HIPAA-covered entities should make sure to report these data breaches to the HHS’ Office for Civil Rights (OCR) on or before March 1, 2023. Failing to report data breaches on time violates the HIPAA rule and may be penalized.

Under the HIPAA Breach Notification Rule, HIPAA-covered entities need to send notification letters to all persons whose protected health information (PHI) was compromised or impermissibly disclosed. The letters must be sent without unnecessary delay and within 60 days of discovering a data breach. HIPAA-covered entities are additionally expected to submit data breach reports to the Secretary of the HHS through the OCR breach reporting website.

For large data breaches, meaning those impacting 500 or more persons, the HIPAA Breach Notification Rule requires report submission to OCR within the same time period: no more than 60 days from the date of discovering the data breach. Reporting of data breaches with fewer than 500 persons affected is more lenient. HIPAA-covered entities should still report these breaches through the OCR breach reporting website, but they may report them up to 60 calendar days from the last day of the year in which the breach was discovered, or March 1, 2023. Note that when a HIPAA-covered entity opts to use this Breach Notification Rule flexibility, the extended time period applies only to breach reporting to OCR. The entity must still send breach notifications to affected individuals within 60 days of discovering the breach.

Each data breach should be reported individually via the OCR breach reporting website. The details of the breach must be included in the breach reports, and the breached entity must take action to remediate the incidents. When a HIPAA-covered entity has encountered several small data breaches in a period of one year, reporting may take a while. It is therefore best not to delay reporting the data breaches.

Mandiant: Organizations Aren’t Receiving the Maximum ROI from Threat Intelligence

The threat intelligence company Mandiant states that the majority of cybersecurity leaders are satisfied with the threat intelligence they’re getting, but that intelligence isn’t always considered when developing their cybersecurity strategies and making buying decisions. The inability to properly use threat intelligence information keeps organizations from obtaining the highest return on their investment and diminishes the effectiveness of their cybersecurity strategies.

Mandiant surveyed 1,350 cybersecurity leaders at companies with a minimum of 1,000 employees, from 18 industries in 13 nations, to get a global viewpoint on how companies are using threat intelligence to navigate the international cybersecurity risk landscape. The survey confirmed that companies usually get threat intelligence from a number of sources. Of the surveyed cybersecurity leaders, 96% said they are satisfied with the threat intelligence they get; nonetheless, 47% of participants said they have difficulties applying threat intelligence effectively throughout their company. Most respondents (98%) said they must be quicker at making adjustments in line with the threat intelligence they get.

Most of the respondents (79%) said they make buying decisions based on current cyberattack trends, without considering information about the threat actors that are targeting their sector and the strategies they are using. For example, security teams frequently put up defenses against advanced persistent threat (APT) actors, even if these nation-state actors pose no actual threat to the organization or industry. Security teams get large numbers of notifications concerning software vulnerabilities but do not use threat intelligence to determine which vulnerabilities the threat actors are using to target their industry, or whether the threat actors could exploit the vulnerabilities. Although over 85% of security leaders know the importance of knowing the attackers, their tools and strategies, and their motives, only 34% stated they think about the origin of a prospective attack when they test their cybersecurity protection.

When threat intelligence isn’t considered in buying decisions, the tools bought may fail to give the right level of security against the threats most relevant to the company’s industry, which can undermine its cybersecurity strategy. Companies that factor threat intelligence into their buying decisions and cybersecurity strategies can attain the best protection against the tactics, techniques, and procedures employed by the threat actors that are actually attacking their company.

Although security decisions are made without information about the threat actors that are targeting them, those who made the decisions remained optimistic about their cybersecurity protection, particularly against financially motivated threats like ransomware. Of the survey participants, 91% felt confident their security could keep them safe against ransomware attacks, 89% were sure they are secured against attacks by hacktivists, 83% were sure they are protected against nation-state attackers, and most respondents (95%) felt assured that they could demonstrate to their senior management that their cybersecurity strategy is moderately to highly effective.

Over 66% of cybersecurity leaders stated they think their senior leadership teams ignore the cyber threat posed to their company, and 68% stated their company must increase its awareness of the threat landscape. Although security teams know the need for threat intelligence, 79% of survey participants admitted that they ought to give more time and effort to identifying crucial trends. The survey furthermore showed that threat intelligence isn’t usually shared throughout the company. For instance, cybersecurity is typically discussed only once a month across the different departments of companies, and just 38% of security teams share threat intelligence with a larger group of workers to increase threat awareness.

Security teams are quite confident but often have difficulty keeping pace with the quickly evolving threat landscape. They seek actionable tips that can be implemented across their company, according to Sandra Joyce, Vice President of Mandiant Intelligence at Google Cloud. The Global Perspectives on Threat Intelligence report shows that security teams are concerned that senior leaders don’t completely understand the threat landscape. Therefore, those making crucial cybersecurity decisions lack information about the attackers and their strategies.

One of the issues pointed out in the survey is information overload. Companies acquire substantial amounts of threat information that must be processed, so vital information may be overlooked. Of the respondents, 84% stated they were worried about their lack of threat intelligence because of the number of warnings and the amount of information they need to process, and 69% stated they are overwhelmed by the threat intelligence information they obtain. Among surveyed healthcare respondents, 79% said they are relatively or totally overwhelmed by the volume of information and notifications they need to handle.

Mandiant provides a number of recommendations that could help security leaders make the best use of their investment and act effectively on their cyber threat intelligence.

  • Companies ought to routinely assess the information received to be sure it is timely, reliable, and correct.
  • Understand the threat actors that are actually targeting the company and industry.
  • Fine-tune defenses as necessary, then test defenses and the company’s response to the attack strategies that were discovered and monitor enhancements with time.
  • Threat intelligence must be used throughout all security programs and processes to proactively keep safe against all possible threats.
  • Companies must communicate threat intelligence properly with stakeholders to enable the consideration of intelligence whenever making buying decisions.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism.