DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ransomware Resources for HIPAA Regulated Entities

Posted on September 21, 2021 by Dissent

The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware.

HHS Health Sector Cybersecurity Coordination Center Threat Briefs:

  • https://www.hhs.gov/about/agencies/asa/ocio/hc3/products/index.html#sector-alerts
    • January 28, 2021 – ATTACK for Emotet
    • March 12, 2021 – New Ryuk Variant Analyst Note
    • April 8, 2021 – Ryuk Variants
    • May 25, 2021 – Conti Ransomware Analyst Note
    • June 3, 2021 – Ransomware Trends 2021
    • July 8, 2021 – Conti Ransomware
    • July 8, 2021 – Phobos Ransomware Analyst Note
    • August 5, 2021 – Qbot/QakBot Ransomware
    • August 6, 2021 – Lazio Ransomware Attack Analyst Note
    • August 19, 2021 – REvil Update
    • August 24, 2021 – OnePercent Group Ransomware Alert
    • August 25, 2021 – IOCs Associated with Hive Ransomware Alert
    • September 2, 2021 – Demystifying BlackMatter

HHS Resources on Section 405(d) of the Cybersecurity Act of 2015:

  • Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx
  • Cybersecurity Reports and Tools https://www.phe.gov/Preparedness/planning/405d/Pages/reportandtools.aspx

OCR Guidance:

  • Ransomware https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
  • Cybersecurity

https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html

  • Risk Analysis

https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf

HHS Security Risk Assessment Tool:

  • https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool

CISA Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches:

  • https://www.cisa.gov/stopransomware
  • https://www.cisa.gov/sites/default/files/publications/CISA_Fact_Sheet-Protecting_Sensitive_and_Personal_Information_from_Ransomware-Caused_Data_Breaches-508C.pdf

CISA Ransomware Guide:

  • https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C_.pdf

FBI Ransomware Resources:

  • https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
  • https://www.ic3.gov/Media/Y2019/PSA191002

OCR Cybersecurity Newsletters:

  • Making a List and Checking it Twice: HIPAA and IT Asset Inventories (Summer 2020 Cybersecurity newsletter): https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity-newsletter-summer-2020/index.html
  • What Happened to My Data?: Update on Preventing, Mitigating and Responding to Ransomware (Fall 2019 Cybersecurity Newsletter):https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity-newsletter-fall-2019/index.html
  • Phishing (February 2018 Cybersecurity Newsletter): https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-february-2018.pdf
  • Plan A… B… Contingency Plan! (March 2018 Cybersecurity Newsletter): https://www.hhs.gov/sites/default/files/march-2018-ocr-cyber-newsletter-contingency-planning.pdf
  • Cybersecurity Incidents will happen… Remember to Plan, Respond, and Report! (May 2017 Cybersecurity newsletter): https://www.hhs.gov/sites/default/files/may-2017-ocr-cyber-newsletter.pdf

REMINDER: A ransomware attack may result in a breach of unsecured protected health information that triggers reporting requirements under the HIPAA Breach Notification Rule.  HIPAA covered entities and business associates should review OCR’s ransomware guidance at https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf for information regarding potential breach notification obligations following a ransomware attack.

Source:  HHS

Related posts:

  • HIPAA Security Rule Facility Access Controls – What are they and how do you implement them?
  • HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million
  • HHS Office for Civil Rights Imposes a $240,000 Civil Monetary Penalty Against Providence Medical Institute in HIPAA Ransomware Cybersecurity Investigation
  • HHS’ Office for Civil Rights Settles First Ever Phishing Cyber-Attack Investigation
Category: Breach LawsCommentaries and AnalysesFederalHealth DataHIPAALegislationMalwareOf NoteU.S.

Post navigation

← Adventures in Notification, Ethical Dilemma Edition
U.S. Treasury Department: Publication of Updated Ransomware Advisory; Cyber-related Designation →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case
  • Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
  • Hacker with ‘political agenda’ stole data from Columbia, university says
  • Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.