4 Stages of Containing a Data Breach

Data breaches have become increasingly common, leading many organizations to establish comprehensive policies for handling them. In 2015, Anthem Blue Cross Blue Shield, a prominent US health insurance provider, disclosed a significant breach, revealing that approximately 78.8 million Social Security records and other sensitive personal data had been compromised. We look at four stages of containing a data breach.

Join our newsletter:

The exact steps to take following a security breach can be complex and may vary based on the specifics of the incident. However, it's crucial to promptly take appropriate actions to contain the damage and minimize any further losses.

Containment and recovery

A typical response plan should include steps to both contain the situation and expedite recovery. This involves identifying and notifying individuals or teams who can assist in preventing further damage, such as isolating certain areas or networks. At this stage, it's crucial to determine if anything can be done to recover losses and to limit the damage caused by the breach. This might include restoring from backups, implementing security patches or updates, or engaging with law enforcement or legal counsel if necessary.

Assessment of ongoing risk

During this step, it's essential to assess various factors:

  • The type of data involved: This could be personal, financial, or proprietary information.
  • The sensitivity of the data: Some data may be more sensitive than others, such as health or financial information.
  • The number of records affected: The scale of the breach can affect the response and recovery efforts.
  • The potential impact of the breach: This could include physical, reputational, or financial damage, among other things.
  • Whether encryption was used: If certain devices have gone missing, encryption may be used to protect the data.
  • Whether any other institutions need to be informed: This could include banks, regulators, or other organizations that may be affected by the breach.
This assessment will help determine the appropriate response and recovery actions to take.

Notification of breach

Informing individuals affected by a breach is vital, as it allows them to take necessary steps to protect themselves. Alternatively, informing the appropriate regulatory bodies enables these institutions to provide advice and handle resulting complaints. Key considerations include regulatory or legal requirements concerning data breach notifications and the method of informing affected individuals. If children or vulnerable people are affected, special care must be taken in these notifications. It's crucial to provide clear guidance on steps victims can take to safeguard themselves and explain how your organization can assist them.

Evaluation and response

Merely containing the breach and resuming 'business as usual' is inadequate if the breach resulted from poor security practices, like insufficient policies or a lack of accountability. Conducting a comprehensive assessment of your security practices is essential to determine the breach's root cause and prevent future occurrences. Maintain a record that tracks where data is stored and how it is secured, and consider conducting an in-depth information security risk assessment. This will help identify vulnerabilities and formulate strategies to mitigate risks effectively.


Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

 NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
 HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
 FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
 ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.