Enabling Swift Recovery after a Third-Party Data Breach

Following a major third-party data breach, a leading patient intake software company was under immediate pressure to notify and support the organizations and individuals affected, alongside meeting its regulatory responsibilities. Kroll’s third-party breach management platform, Kroll Notification Navigator (KNN), ensured that the breach notification process was efficient, trackable and secure, providing peace of mind to the company, its clients and their customers.

The Challenge

A leading patient intake software company was hit by a major third-party data breach. With the incident impacting around 700 data owners and 1.2 million individuals, the business had to act fast. In addition to fulfilling its regulatory obligations, the company needed to inform affected organizations about the breach and enable them to understand the personal impact and how to protect themselves in response. As a healthcare-related business, it also had to ensure that it could meet stringent industry regulations for reporting and responding to the data breach.

Kroll’s Solution

Kroll’s unique combination of expertise and proprietary technology enabled the business to manage the critical steps required after a data breach, significantly reducing its administrative burden. A key element of this was Kroll’s third-party breach management platform, Kroll Notification Navigator (KNN) which streamlines the process of notifying third-party entities about a data breach, allowing them to easily access their data, review the proposed notification, speak directly to experts with insight into the breach and make an informed choice about opting into the notification service.

KNN enabled effective and secure communication with the company’s stakeholders, straightforward collection of opt-in decisions and the exchange of data files and letter templates, with a defensible audit trail. Kroll successfully facilitated the secure transfer of data between the company and its data owners, resulting in letters being mailed to 576,181 impacted individuals.

With the company’s reputation at stake following the data breach, KNN’s patent-pending technology reduced the risk of human error and mitigated the public impact of the incident as much as possible. The business also had the benefit of Kroll's expertise and unrivaled knowledge of notification best practices to help maintain brand reputation at every stage of the breach communication process. Following the main notification process, Kroll’s Settlement Administration team worked closely with Kroll’s breach notification specialists to support the company with media and substitute notice filings.

The Impact

Secure, Trackable Breach Notification

Through KNN, Kroll successfully facilitated the secure transfer of data between the business and its data owners. Data volume collection, exchange and facilitation was completed in a single, secure application rather than through individual FTP sites, ensuring that changes made by the data owners were trackable and auditable. As a result, the company, its clients and their customers benefited from swift, seamless breach notification. After notifying the specific entities, each of the company’s clients received digital copies for their records, along with final notification reports.

Clear Return on Investment

The breach notification process is estimated to take up to five hours per data owner (source: Kroll). Through KNN and, with the support of Kroll’s breach notification specialists, the process was efficient and secure, delivering a measurable return on investment.

Strategic Notification Management

The company benefited from Kroll’s expertise in drafting personalized, plain-language letters about the data breach event, and the solutions being offered, segmenting the letters and managing the logistics of mailing them to 576,181 impacted individuals, and preparing for responses. Individuals unable to receive notification by mail benefited from media updates and substitute notices through a specially tailored solution that drew on expertise from teams across the wider Kroll business.

Full Visibility

KNN gave the company full oversight at every stage of the breach notification process through regular status and reporting updates for internal teams and external stakeholders. This allowed them to stay informed and agile, at one of the most challenging times an organization can experience, ensuring that they were quickly able to get back to business-as-usual.

Discover Kroll’s Breach Notification Services