The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this article explain the guidance and what to do if you are subject to a ransomware attack.
Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws
By Anthony A. Bongiorno and Michael G. Morgan on January 12, 2017