HHS Says Most Ransomware Attacks May Be HIPAA Breaches

On July 11, 2016, the Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) released a guidance document whose purpose it is to help Health Insurance Portability and Accountability Act (HIPAA) covered entities combat ransomware and meet their compliance obligations under HIPAA regulations. Late last month, the HHS also issued a guidance of a much more general nature to help health care providers avoid, prevent, and mitigate ransomware attacks. A few days after HHS issued the June guidance, two Congressmen sent a letter to OCR asking for guidance on ransomware to be issued and posing questions to the agency regarding whether all ransomware attacks should be considered HIPAA breaches.

Read More