There are many sources of guidance on preparing for cybersecurity. Insurance companies offer cyber insurance policies that cover some of the costs of cyberattacks, including the legal fees and forensic consultant costs, and correspondingly, they can recommend consultants who can guide preventive efforts, says Pam Hepp, a healthcare attorney at Buchanan, Ingersoll & Rooney, Pittsburgh.
Hepp adds that another source of help may be a law firm that specializes in that area. “One advantage of a law firm is that not only may the legal advice be protected under the attorney client privilege, but counsel may be able to engage the forensic consultant to guide the legal advice in connection with the investigation under the attorney client privilege. In addition, if the situation calls for remediation, such remedial measures likewise may be protected under the attorney client privilege,” Hepp says.
The American Hospital Association (AHA) also provides guidance. “We have prepared a list of 12 CEO considerations,” says John Riggi, AHA’s senior advisor for cybersecurity and risk.
See related article: CFOs Play a Key Role in Cybersecurity Planning