If a data breach occurs, vendors are required, both contractually and by regulatory, to take the necessary notification actions. Different notification actions will be required depending on the incident and level of breach.

Marathon Health’s rigorous incident management and processes are based upon industry best practices, including the National Institute of Standards and Technology, MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). The incident management is integrated and incorporates contractual and regulatory notification requirements.

Rob Boschen
Rob Boschen, Vice President IT Operations & Security, Marathon Health