EPISODE · Mar 17, 2026 · 10 MIN
Pressure Testing Your IRP: Why "Calling IT" Isn't a Plan (ep. 3 Part 2)
from Practical Cybersecurity with Jen Stone · host SecurityMetrics
What happens when the news cameras show up and your business grinds to a halt? Donna Grindle, CEO of Kardon, returns to discuss the "hair on fire" reality of a data breach. We move past the paperwork to explore why "calling IT" isn't a plan, the hidden costs of notification letters, and how insurance mazes can complicate your recovery.Key Takeaways"Call IT" is Not a Plan: During a breach, IT will be busy containing the threat; you need an operational plan for when systems and phones go dark.The Paperwork Trap: Reverting to paper records stops cash flow because you aren't sending claims or bills—plus, you eventually have to manually re-enter all that data.Media & Legal Circus: If 500+ records are hit, you must notify the press. This often triggers immediate "ambulance chaser" lawsuits on social media.Tabletop Exercises: Don't find gaps in your plan during a crisis. Run practice drills to know who is authorized to speak for the company and what vendors to call.Insurance Realities: Open claims immediately to protect legal privilege, but be ready for insurance-mandated vendors that may span several time zones."Take ownership of it. Don't assume that somebody else in your office is handling it... You will likely lose your business or be on the verge of it if you are not prepared in some way." — Donna Grindle Key Concepts:Security Incident vs. Data Breach - A security incident is a panic-inducing event that requires investigation, but it may or may not officially escalate into a data breach that requires regulatory reporting.Incident Response Plan (IRP) - A comprehensive strategy that covers far more than just IT recovery; it must dictate how you communicate with employees, vendors, and clients during a crisis.Tabletop Exercise - A low-stakes practice run of your Incident Response Plan to poke holes in it before an actual emergency. It helps you figure out exactly who is in charge, who you are calling, and who is authorized to speak publicly.Links:Kardon: https://kardonhq.com/Help Me With HIPAA Podcast: https://helpmewithhipaa.com/Timestamps00:00 – Intro00:54 – Cyber Incidents vs Breaches in a HIPAA Context01:26 – Why Operational Continuity Cannot be an IT Responsibility03:02 – Questions to Ask During a Tabletop Exercise03:50 – Talking to Patients on Facebook04:06 – More Questions to Ask During a Cyber Incident05:13 – Even "Calling My MSP" Isn't an Incident Response Plan05:37 – When a Cyber Incident Becomes a Breach06:09 – "Can't We Just Send a Postcard?"06:32 – Steps to Respond to a HIPAA Breach09:03 – Final Summary: Shifting to Active Security Ownership09:59 – Where to Find Donna Grindle & KardonA note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place But if you just want to learn how to protect yourself for free, start here: https://academy.securitymetrics.com/
What this episode covers
What happens when the news cameras show up and your business grinds to a halt? Donna Grindle, CEO of Kardon, returns to discuss the "hair on fire" reality of a data breach. We move past the paperwork to explore why "calling IT" isn't a plan, the hidden costs of notification letters, and how insurance mazes can complicate your recovery. Key Takeaways "Call IT" is Not a Plan: During a breach, IT will be busy containing the threat; you need an operational plan for when systems and phones go dark...
NOW PLAYING
Pressure Testing Your IRP: Why "Calling IT" Isn't a Plan (ep. 3 Part 2)
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Jan 2, 2026 ·47m
Dec 21, 2025 ·46m