Outbreak – Ransomware Reporting Requirements In The Health Care Industry

September 22, 2016

The U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) recently released guidance on whether or not a ransomware attack constitutes a reportable health care data breach under federal law. The question of whether or not to disclose such a breach depends on what data an attacker gained access to and the likelihood that sensitive data was stolen in the commission of a ransomware attack. During this program The Crypsis Group’s Jason Rebholz and McDonald Hopkins attorney Dominic Paluzzi will:

  • Present an illustrative case study that demonstrates how a victim of a ransomware responded from both a technical and legal perspective
  • Discuss how the recent proliferation of ransomware is impacting healthcare organizations
  • Dissect the HHS issued guidance and what organizations need to do to determine disclosure requirements in the event of a ransomware attack
  • Review cautionary measures organizations can take to mitigate the likelihood of ransomware attacks.

Topics: Webinars