Outbreak - Ransomware Reporting Requirements in the Health Care Industry
The U.S. Department of Health and Human Services Office for Civil Rights recently released guidance on whether or not a ransomware attack on covered entities and business associates constitutes a reportable health care data breach under federal law. The question of whether or not to disclose such a breach depends on what data an attacker gained access to and the likelihood that sensitive data was stolen in the commission of a ransomware attack.
During this program The Crypsis Group’s Jason Rebholz and McDonald Hopkins attorney Dominic Paluzzi will discuss a variety of topics, listed below.
Click here to register.
- An illustrative case study that demonstrates how a victim of ransomware responded from both a technical and legal perspective
- How the recent proliferation of ransomware is impacting healthcare organizations
- Dissect HHS OCR's issued guidance and what organizations need to do to determine breach notification requirements in the event of a ransomware attack
- Cautionary measures organizations can take to mitigate the likelihood of ransomware attacks