June 15, 2017 - Health Care Group News: OCR Releases Checklist On What To Do Following A Cyber Attack

By: Stephanie Sprague Sobkowiak and Daniel J. Kagan

Since the WannaCry ransomware virus spread rapidly across the globe, businesses, both large and small, are again focusing on cyber-security. In a previous bulletin, we detailed five things that a business can do to help prevent a cyber-attack. However, in the unfortunate event that your business experiences a cyber-attack affecting protected health information, this bulletin provides guidance from the Department of Health and Human Services Office for Civil Rights ("OCR") regarding what you must do.

On June 8, 2017, OCR released a checklist for covered entities and business associates (together referred to as "entities" herein) to use when responding to a cyber-attack. While some might find the checklist to be very simple, it does two important things:
If an entity is ever investigated, OCR will consider all of the entity’s mitigation efforts and will certainly begin by making sure the entity "checked all boxes" on the checklist, as appropriate.

In short, this checklist provides that entities:
If your entity experiences a breach or if you have any questions about cyber-attacks, data breaches or any other health law issue, please contact Stephanie S. Sobkowiak, Dena M. Castricone or Daniel J. Kagan.
2023 Murtha Cullina LLP All Rights Reserved.