In the wake of recent global cyberattacks, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) has issued a checklist detailing the measures that a HIPAA-covered entity or its business associate should take following a cyberattack.

The cybersecurity checklist provides that following a ransomware attack or other cyber-related security incident, the covered entity or business entity should take the following steps:

- It must execute its response and mitigation procedures and contingency plans;
- It should report the crime to other law enforcement agencies, which may include state or local law enforcement, the FBI, and/or the Secret Service;
- It should report all cyber threat indicators to federal and information-sharing and analysis organizations (“ISAOs”), including the Department of Homeland Security, the HHS Assistant Secretary for Preparedness and Response, and private-sector cyber-threat ISAOs;
Read more at ByrdAdatto >>