What You Need to Know About Ransomware & HIPAA Compliance: Understanding the OCR Ransomware Guidance
There is no more hedging on whether ransomware incidents should be identified and treated the same way as other data breaches under the Health Insurance Portability and Accountability Act (HIPAA). The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has stated that ransomware attacks constitute a breach unless there is substantial evidence to the contrary.
HIPAA-regulated covered entities and their business associates are now responsible for following specific guidance laid out by the OCR in the event of a ransomware attack. It's no longer enough to be defensive - healthcare organizations must be proactive.
In this e-guide, we discuss:
- Why attackers are going after healthcare firms
- Why the OCR guidelines are big news
- How to detect a ransomware attack
- How to protect your organization