If your nonprofit organization suffered a data breach, would you be protected?
On May 29th, a nonprofit organization based in New York State, People Inc., stated that they learned of a data security incident that involved protected health information belonging to some current and former clients. This data breach compromised many employee email accounts.
People Inc. (a human services provider) explained that in February 2019, they discovered that an unknown individual had gained access to an email account belonging to a People Inc. employee. Upon learning of this, the New York nonprofit immediately reset the password required to access the impacted account. Two months later, People Inc. learned that the two email accounts contained personal information belonging to some current and former clients. This personal information may have included names, addresses, SSNs, financial account information, medical information, health insurance information, and/or driver’s license or other government identification numbers.
The nonprofit released a statement saying, “People Inc. takes the security of all information very seriously. People Inc. has no evidence indicating that any information aside from the information contained within the two employee email accounts was impacted in connection with this incident. In addition, People Inc. has no evidence that any of the information potentially involved in this incident has been misused. People Inc. has reported this matter to the FBI and will cooperate as necessary to hold the perpetrators accountable.”
New York State’s Regulations Regarding Data Breaches
New York State has strict regulations governing how and when you have to notify customers of a breach involving personally identifiable information, which adds to recovery costs.
More Common Than You Think
Data breaches involving nonprofits may be more common than you think. The Canadian Press revealed that in March 2019, Natural Health Services, a medical cannabis clinic, suffered a data breach involving the personal health information of about 34,000 medical marijuana patients. This information was accessed in a data breach of an electronic medical record system used by the nonprofit and its parent company.
Less than a month later, NBC News reported that “a nonprofit organization affiliated with the FBI confirmed that hackers breached the web servers of multiple chapters and published the names and addresses of hundreds of law enforcement personnel and thousands of other people online.”
How To Protect Your Nonprofit
Whether you own a large corporation or a small business (or something in between), you should know about cyber insurance.
Cyber insurance covers your business for risks relating to information technology infrastructure and activities, and from data breaches involving sensitive customer and employee information such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records. Insurance companies continue to update policies as new threats emerge and hackers evolve quickly.
HCP Can Help Protect Your Nonprofit
HCP can help you examine your risks and decide which coverages are right for your business. Honig Conte Porrino has worked with IT risks of all types, and we understand the challenges you must overcome to succeed. (We should: HCP has been doing this for more than 100 years!)
Whether you’re a retail shop, medical office, or online entity, HCP has the expertise to help you every step of the way. We’ll pair you with an agent who specializes in your business and can coach you on how to protect against the risks you face. In addition, many of our employees have worked with us for 15, even 25 years, and have made their careers here. You get to work with the same person year in, year out.