New OCR Guidance On Ransomware Puts Pressure On Providers

The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently release new HIPAA guidance on the risks of being victimized by file-encrypting malware.

Under the new guidelines if any healthcare organization’s computers are infected with ransomware the government considers it a data breach thereby triggering HIPAA’s breach notification provisions which include notifying effected patients. OCR’s guidance release underscores the seriousness of the situation and the providers’ responsibility in preventing and recovering from such attacks.

For more information about attack prevention and recovery go here.