Ransomware Resources for HIPAA Regulated Entities
Physician Compliance
Sep 23

Ransomware Resources for HIPAA Regulated Entities

Ransomware Resources for HIPAA Regulated Entities

The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware.

HHS Health Sector Cybersecurity Coordination Center Threat Briefs

Sector and Threat Briefs

HHS Resources on Section 405(d) of the Cybersecurity Act of 2015

OCR Guidance

HHS Security Risk Assessment Tool

CISA Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches

CISA Ransomware Guide

FBI Resources

OCR Cybersecurity Newsletters

Reminder

A ransomware attack may result in a breach of unsecured protected health information that triggers reporting requirements under the HIPAA Breach Notification Rule.  HIPAA covered entities and business associates should review OCR’s ransomware guidance for information regarding potential breach notification obligations following a ransomware attack.

About Reed Tinsley, CPA

As a top advisor to physicians, I help increase practice profits by delivering hands-on, expert medical accounting/tax support, practice counsel, and revenue-building strategies. Read more →