{"id":344,"date":"2025-09-29T02:24:04","date_gmt":"2025-09-29T02:24:04","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/jmint006\/?p=344"},"modified":"2025-09-29T02:24:04","modified_gmt":"2025-09-29T02:24:04","slug":"creating-cybersecurity-policies","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/jmint006\/2025\/09\/29\/creating-cybersecurity-policies\/","title":{"rendered":"&#8220;Creating Cybersecurity Policies&#8221;"},"content":{"rendered":"\n<p>\u201cVirginia South Hospital Data Breach Response Policy\u201d<\/p>\n\n\n\n<p>At Virginia South Hospital, we make it a top priority to respond promptly and thoroughly to any cybersecurity incident that could impact employees&#8217; information, patient records, or our systems. This policy explains who is responsible for each step, how we stay compliant with healthcare rules, and how we keep everyone informed.<\/p>\n\n\n\n<p><em>Purpose<\/em><\/p>\n\n\n\n<p>To establish a swift response to data breaches that may compromise employee information, patient records, or the hospital system.<\/p>\n\n\n\n<p><em>Scope<\/em><\/p>\n\n\n\n<p>This policy applies to all individuals who have access to Virginia South Hospital\u2019s sensitive data, including third-party vendors, contractors, and employees.<\/p>\n\n\n\n<p><em>Policy Statement<\/em><\/p>\n\n\n\n<p>Virginia South Hospital is dedicated to the care and improvement of our patients\u2019 lives. Our goal is to protect the confidentiality, integrity, and availability of sensitive data. 
In the event of a data breach, we will promptly contain the incident, notify affected parties, and comply with all applicable regulatory requirements.<\/p>\n\n\n\n<p><em>Roles &amp; Responsibilities<\/em><\/p>\n\n\n\n<ul>\n<li>The Chief Information Security Officer (CISO): Responsible for guiding the team during the investigation and coordinating the next steps to ensure an appropriate response.<\/li>\n\n\n\n<li>The IT Security Team: Responsible for determining where the cybersecurity breach started, isolating the threat, and removing all threats from the system.<\/li>\n\n\n\n<li>The Compliance Officer: Responsible for maintaining compliance with HIPAA and other legal requirements.<\/li>\n\n\n\n<li>The Communication Team: Handles all internal and external communication.<\/li>\n\n\n\n<li>Legal Counsel: Advises the organization on its legal risk and on what it must do to remain compliant with applicable laws.<\/li>\n<\/ul>\n\n\n\n<p><em>Response Procedure<\/em><\/p>\n\n\n\n<p>Detection &amp; Reporting<\/p>\n\n\n\n<ul>\n<li>Any signs of a possible cybersecurity breach must be reported immediately to the IT Security Team.<\/li>\n\n\n\n<li>Complete the organization\u2019s official breach reporting form within an hour of the incident.<\/li>\n<\/ul>\n\n\n\n<p>Containment &amp; Investigation<\/p>\n\n\n\n<ul>\n<li>Remove all affected systems.<\/li>\n\n\n\n<li>Conduct a detailed technical investigation to determine the cause of the cybersecurity incident.<\/li>\n\n\n\n<li>Document everything discovered during the investigation.<\/li>\n<\/ul>\n\n\n\n<p>Notification<\/p>\n\n\n\n<ul>\n<li>If protected health information (PHI) is exposed, notify all individuals who have been affected.<\/li>\n\n\n\n<li>If more than 500 individuals are affected, notify the United States Department of Health and Human Services (specifically, the Office for Civil Rights) within 60 days.<\/li>\n<\/ul>\n\n\n\n<p>Remediation &amp; 
Recovery<\/p>\n\n\n\n<ul>\n<li>Apply software updates to correct weaknesses in the system.<\/li>\n\n\n\n<li>Reset passwords for affected accounts, revoke or adjust access rights, and review access permissions.<\/li>\n\n\n\n<li>Monitor the system for suspicious activity, review logs and alerts, and run scans to check for vulnerabilities.<\/li>\n<\/ul>\n\n\n\n<p>Post-incident Review<\/p>\n\n\n\n<ul>\n<li>Conduct a detailed investigation to identify the root cause of the attack.<\/li>\n\n\n\n<li>Conduct training on improving both technical defenses and staff knowledge after a cybersecurity incident.<\/li>\n\n\n\n<li>Prepare a detailed report for executive leadership.<\/li>\n<\/ul>\n\n\n\n<p><em>Enforcement<\/em><\/p>\n\n\n\n<p>If an employee fails to follow this policy, disciplinary action up to and including termination may result.<\/p>\n\n\n\n<p><em>Conclusion<\/em><\/p>\n\n\n\n<p>Responding quickly and openly to data breaches is crucial for protecting patient privacy, keeping trust, and meeting regulatory requirements.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cVirginia South Hospital Data Breach Response Policy\u201d At Virginia South Hospital, we make it a top priority to respond promptly and thoroughly to any cybersecurity incident that could impact employees&#8217; information, patient records, or our system. This policy explains who is responsible for each step, how we stay compliant with healthcare rules, and how we&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/jmint006\/2025\/09\/29\/creating-cybersecurity-policies\/\">Read More<\/a><\/div>\n","protected":false},"author":31155,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/jmint006\/wp-json\/wp\/v2\/posts\/344"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/jmint006\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/jmint006\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jmint006\/wp-json\/wp\/v2\/users\/31155"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jmint006\/wp-json\/wp\/v2\/comments?post=344"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/jmint006\/wp-json\/wp\/v2\/posts\/344\/revisions"}],"predecessor-version":[{"id":345,"href":"https:\/\/sites.wp.odu.edu\/jmint006\/wp-json\/wp\/v2\/posts\/344\/revisions\/345"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/jmint006\/wp-json\/wp\/v2\/media?parent=344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jmint006\/wp-json\/wp\/v2\/categories?post=344"},{"taxonomy":"
post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jmint006\/wp-json\/wp\/v2\/tags?post=344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}