Federal Government Helps Mitigate Effects Following a HIPAA Breach from a Cyberattack

Posted By American Med Spa Association, Thursday, June 29, 2017

In the wake of recent global cyberattacks, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) has issued a checklist detailing the measures that a HIPAA-covered entity or its business associate should take following a cyberattack.

The cybersecurity checklist provides that following a ransomware attack or other cyber-related security incident, the covered entity or business entity should take the following steps:

- It must execute its response and mitigation procedures and contingency plans;
- It should report the crime to other law enforcement agencies, which may include state or local law enforcement, the FBI, and/or the Secret Service;
- It should report all cyber threat indicators to federal and information-sharing and analysis organizations (“ISAOs”), including the Department of Homeland Security, the HHS Assistant Secretary for Preparedness and Response, and private-sector cyber-threat ISAOs;
Read more at ByrdAdatto >>