Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations

Fighting for Jurisdiction Post-Breach

Attorney Deborah Gersh on How Regulatory Bodies Are Staking Claims

In today's environment, federal and state regulators come at breached companies from all angles, with requests for investigative information, breach response plans and fines. Attorney Deborah Gersh, co-chair of the healthcare practice at law firm Ropes & Gray LLP, says it's easy for organizations to become overwhelmed when numerous regulators demand answers simultaneously in the wake of a breach. By having well-defined breach response plans in place before an incident, however, organizations can streamline their procedures to ensure compliance without damaging their reputations.

See Also: The Alarming Data Security Vulnerabilities Within Many Enterprises

"There have been quite a few developments recently, and I think it has to do with the fact that certain agencies think that another agency may not be doing their job as effectively as possible, or that they feel that they have a particular interest in a particular case that is unique to them," Gersh says in this video interview with Information Security Media Group. "For example, with the [Federal Trade Commission], they view themselves as the champions of consumer protection and consumer rights, and it may very well be that if the FTC does not feel that another agency, such as the OCR, Office of Civil Rights, is taking on a particular action, then they will step in to do so. It also has to do with advocating for their particular consumers, and it also has to do with the fact that, I think, they're looking to expand their jurisdiction."

In this interview recorded at ISMG's recent New York Fraud and Breach Prevention Summit, Gersh also discusses:

  • Common mistakes breached organizations make when regulators come knocking;
  • Dealing with numerous regulatory bodies seeking actions against a single breached entity at one time;
  • Steps attorneys can take to help clients address regulatory inquiries with consolidated approaches.

Gersh has more than 25 years of experience advising a wide range of healthcare companies and investors about sophisticated regulatory and enforcement matters, as well as acquisitions and sales of healthcare entities. Her clients include pharmaceutical manufacturers and medical device companies, managed-care companies, dental-service organizations and practice-management companies, as well as academic medical centers and community hospitals. Gersh counsels clients on a range of compliance matters, including design and implementation of corporate compliance programs and negotiation, and implementation of corporate integrity agreements.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.