Greg Fliszar, a member of Cozen O’Connor’s Health Law practice group, discusses the increased use of ransomware against U.S. hospitals by cyber extortionists. In response, the U.S. Department of Health and Human Services’ Office for Civil Rights has provided guidance on how hospitals can deal with cyber extortionists and ransomware. Greg says that one new aspect of the guidance, “Is that it makes it clear that in general, protected health information that is accessed as part of a ransomware attack would be considered a HIPAA breach that would trigger notification provisions.” The new guidance also discusses what to do if an organization’s computer system is infected with ransomware.
To read the full article, click here.