The U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) recently released guidance on whether or not a ransomware attack constitutes a reportable health care data breach under federal law. The question of whether or not to disclose such a breach depends on what data an attacker gained access to and the likelihood that sensitive data was stolen in the commission of a ransomware attack. During this program The Crypsis Group’s Jason Rebholz and McDonald Hopkins attorney Dominic Paluzzi will:
- Present an illustrative case study that demonstrates how a victim of a ransomware responded from both a technical and legal perspective
- Discuss how the recent proliferation of ransomware is impacting healthcare organizations
- Dissect the HHS issued guidance and what organizations need to do to determine disclosure requirements in the event of a ransomware attack
- Review cautionary measures organizations can take to mitigate the likelihood of ransomware attacks.