Ransomware Resources for HIPAA Regulated Entities

The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware.

HHS Health Sector Cybersecurity Coordination Center Threat Briefs:

HHS Resources on Section 405(d) of the Cybersecurity Act of 2015:

OCR Guidance:

https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html

  • Risk Analysis

https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf

HHS Security Risk Assessment Tool:

CISA Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches:

CISA Ransomware Guide:

FBI Ransomware Resources:

OCR Cybersecurity Newsletters:

REMINDER: A ransomware attack may result in a breach of unsecured protected health information that triggers reporting requirements under the HIPAA Breach Notification Rule. HIPAA covered entities and business associates should review OCR’s ransomware guidance at https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf for information regarding potential breach notification obligations following a ransomware attack.

Source: HHS

About the author: Dissent
