The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this article explain the guidance and what to do if you are subject to a ransomware attack.
Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws
By Anthony A. Bongiorno and Michael G. Morgan on January 12, 2017
Anthony A. BongiornoAnthony (Tony) A. Bongiorno has extensive jury trial experience in a variety of commercial matters and serves as the partner-in-charge of the Firm’s Boston office. Tony has successfully tried cases in various federal and state courts around the country. In addition to his significant jury trial experience, Tony has also tried matters under the auspices of the American Arbitration Association, the International Centre for Dispute Resolution and the International Chamber of Commerce. Tony has represented clients in many industries, including energy, health care, biotech and construction.
Michael G. MorganMichael Morgan is a leader of the Firm’s Global Privacy and Cybersecurity practice. Recognized as one of the nation’s leading lawyers in cyber incident response, Mike has guided clients through some of the largest and most complex data breaches, including state-sponsored attacks, breaches involving more than 50 million records, and incidents affecting persons in more than 100 countries around the world. He represents clients in the defense of breach-related government investigations and class action litigation as well as pre-breach planning and post-breach remediation. Read Michael Morgan's full bio.
Related Posts
- Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws
- Hospital Settles With OCR for $4.75 Million Over HIPAA Violations
- How Dobbs Has Changed the Data Privacy Landscape
- HHS Issues Guidance on Requirements Under HIPAA for Online Tracking Technologies, Addressing Privacy and Security Concerns Related to Health Information
- FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope
BLOG EDITORS
STAY CONNECTED
TOPICS
ARCHIVES
RECENT POSTS
- Complying With the ‘Relevant Data’ Requirement Under the Final 2024 Mental Health Parity and Addiction Equity Act: A Proposal for a Workable Alternative
- HHS Letter Reiterates Expectations for Language Accessibility
- Employee Benefit Plans: Important Considerations for Year-End and 2025
- Post-Election Outlook: Issues to Watch for Pharmacy Industry Stakeholders
- Post-Election Health Policy Priorities
