OCR Issues Quick Response Cyber Attack Checklist and Graphic


The U.S. Department of Health & Human Services (HHS), Office for Civil Rights (OCR) has developed and published a checklist and a corresponding infographic that explain the steps a HIPAA covered entity or its business associate should take in response to a cyber-related security incident.

The checklist is available at: https://www.hhs.gov/sites/default/files/cyber-attack-checklist-06-2017.pdf

The infographic may be found at: https://www.hhs.gov/sites/default/files/cyber-attack-quick-response-infographic.gif

Covered entities and business associates are encouraged to review the recommended steps, including executing response and mitigation procedures and contingency plans, reporting the crime to law enforcement agencies, reporting cyber threat indicators to the appropriate federal and information-sharing and analysis organizations (ISAOs), and reporting the breach to the OCR and to affected individuals. In the publication, the OCR stated that it will consider all mitigation efforts taken by the affected entity during a breach investigation, including the sharing of non-protected breach-related information with law enforcement and other federal and analysis organizations.

The HHS has also published a ransomware fact sheet, which may be found at: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf

Related Practices:   Healthcare Law

Related Attorney:   Lani M. Dornfeld