Ransomware Resources for HIPAA Regulated Entities

Ransomware Resources for HIPAA Regulated Entities

The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware.

HHS Health Sector Cybersecurity Coordination Center Threat Briefs

Sector and Threat Briefs

HHS Resources on Section 405(d) of the Cybersecurity Act of 2015

  • Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients
  • Cybersecurity Reports and Tools

OCR Guidance

HHS Security Risk Assessment Tool

CISA Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches

CISA Ransomware Guide

FBI Resources

OCR Cybersecurity Newsletters


A ransomware attack may result in a breach of unsecured protected health information that triggers reporting requirements under the HIPAA Breach Notification Rule.  HIPAA covered entities and business associates should review OCR’s ransomware guidance for information regarding potential breach notification obligations following a ransomware attack.

Have questions? I’m here to help.