The hacking was known to the CEO and GC. A few quiet calls left them with work for the rest of the C-suite officers.
The end of the day saw the CEO call a staff meeting. The CIO, the CFO, the VP of HR and the General Counsel looked at each other uneasily over the exquisite conference table. The CEO delivered the tale of the breach. The GC’s queries had confirmed the breach. Then the CEO had notified the Board. The others were brought into the problem,
“We are hoping to keep this out of the press for as long as possible while we put together a viable action plan.
The General Counsel put it out on the table for everyone. “We got the word, from the “head of patient records” who sits on Epic all day. The records were pulled and it looks legit. We’ve got 60 days before we have to officially acknowledge this.”
The CIO looked stricken, but put up a brave front, “We’ll be on top of it. The Director of Security and my team have plans for breaches. We’re going to get on top of it. It’s going to take dedicated resources. We probably need outside help. “
The CFO groused, “Our spending already runs on fumes. The cash for new resources has to come out of what’s ongoing.”
The VP of HR wanted to couch the internal announcement softly.
“We don’t want to ruin morale. I need time to announce this right.”
The General Counsel scowled and attacked,
“We’re not “on top of it”. If we were there’d be no breach. We paid a lot for data protection guidelines over the last year from outside recommenders. Were they implemented?”
The CIO tried to project calm. This was a technical area.
“We spent mostly staff time and a little money to implement steps for each guideline. As a total, it was a lot. Security was priority three behind the new EPIC implementation and patient web portal. IT has barely budget for those.”
The CFO barely contained contempt, “And you’ve already come back twice for more money to keep that on schedule.”
The CIO had been thru all this before. “We’ve all agreed on the priorities so far, and my team will keep activating our breach plans. When I have more, I’ll let this group know privately.”
The GC pulled the groups attention back. “This breach could damage a lot more than our priorities and budget. I’ll be talking to all of you to coordinate actions we need to take.”
The CEO ended the meeting by saying, “We’re going to have to go ‘public’ sooner or later. The GC and I will craft public releases with your inputs. The rest of you need to plan. Get your thinking going. We all need to think ahead because of the breach.”
There was no sugar coating the breach. As a wise general once said – “No plan survives contact with the enemy”
Next Post – It's the People!
Comentarios