Skip to main content
MorningsideHealth & Risk

I think we just had a cyber incident — what do I do first?

Call the carrier's 24/7 incident response hotline before doing anything else. Do not pay a ransom, do not notify patients or customers, do not engage your usual IT vendor for forensics, do not delete files. The carrier will retain a panel forensic firm and breach coach (an attorney specializing in privacy and cyber law) — using non-panel vendors usually means the carrier won't reimburse those costs. Preserve evidence (don't reformat the affected systems), isolate the breach (segment networks, but don't power down — volatile memory matters in forensics), and get the response team engaged. Speed matters in two ways: cleaner forensics if you act fast, and many regulatory clocks (HIPAA's 60-day notification, NY SHIELD Act notice "without unreasonable delay") start at discovery.

Category
Business Insurance
Audience
For existing clients
Topic
Cyber & Privacy

STILL HAVE QUESTIONS?

We answer the same business day.

If yours isn't covered here, schedule a consultation and we'll get you a clear answer.