Faegre Drinker Biddle & Reath LLP, a Delaware limited liability partnership | This website contains attorney advertising.
July 13, 2017

OCR Responds to Rise in Healthcare Cyberattacks

The recent WannaCry ransomware and Petya/notPetya malware attacks that targeted thousands of organizations around the world, most notably health care providers and pharmaceutical companies, signal the urgency of protecting against ever-evolving cybersecurity risks. As a result of these attacks, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has developed a growing set of resources to provide planning and response guidance to health care entities. OCR recently issued a Quick-Response Checklist and infographic as well as guidance that outlines the steps that a HIPAA-covered entity or business associate can take in response to a cyber threat or attack.

In addition to reporting to OCR as soon as possible any breach of protected health information (PHI) affecting 500 or more individuals, OCR recommends in its checklist that a health care organization experiencing a cyberattack or similar emergency do the following:

  • Execute its response and mitigation procedures and contingency plans;
  • Report the crime to other law enforcement agencies; and
  • Report all cyber threat indicators to the appropriate federal and information-sharing and analysis organizations.

The OCR guidance materials also encourage health care organizations to share threat, attack and vulnerability information with each other in order to reduce the threat of ongoing harm.

Securing the information exchange of health data is a significant challenge. OCR is vocalizing its awareness of this challenge by urging health care organizations to pursue security preparedness, responsiveness and consequence management in order to minimize the impact of any breaches.

If your health care organization has questions about health care cybersecurity or if it has experienced a cyberattack, please contact any member of Drinker Biddle’s Health Care Team.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

Related Legal Services

Related Industries

The Faegre Drinker Biddle & Reath LLP website uses cookies to make your browsing experience as useful as possible. In order to have the full site experience, keep cookies enabled on your web browser. By browsing our site with cookies enabled, you are agreeing to their use. Review Faegre Drinker Biddle & Reath LLP's cookies information for more details.