Whether it’s a ransomware attack or a cyber security incident, healthcare organizations have specific obligations to manage the incursion and file appropriate reports with the federal government. Recently, the Office for Civil Rights of the Department of Health and Human Services outlined the basic steps for healthcare organizations to take in response to a cyber-related security incident. The steps are the same for either a healthcare provider, as a HIPAA-covered entity, or business associate.
