© 2017-2020 Caplock Security LLC


Cyber-Attack Response for HIPAA-Covered Entities and Business Associates

June 14, 2017

In light of WannaCry and other highly visible data breaches, HHS's Office for Civil Rights (OCR) recently released a checklist and an accompanying infographic that covered entities and their business associates can use as a guide on what to do in the unlikely event of a cyber-attack.

The guide and related infographic can be obtained from here:
https://www.hhs.gov/sites/default/files/cyber-attack-checklist-06-2017.pdf
https://www.hhs.gov/sites/default/files/cyber-attack-quick-response-infographic.gif

The guide outlines four mandatory actions to be taken:

1) The entity must execute its response and mitigation procedures and contingency plans.
2) The entity should report the crime to other law enforcement agencies.
3) The entity should report all cyber threat indicators to federal and information-sharing and analysis organizations (ISAOs).
4) The entity must report the breach to OCR as soon as possible, but no later than 60 days after the discovery of a breach affecting 500 or more individuals.

The guide reiterates the requirements established by the HIPAA Security Rule, HIPAA Privacy Rule, HIPAA Breach Notification Rule, HIPAA Enforcement Rule, and others, including the Cybersecurity Information Sharing Act. The checklist also draws attention to requirements that are mandatory but often overlooked by small and medium entities, such as having contingency planning and incident response capabilities, documented procedures and testing, and maintaining ongoing updates.
