June 12, 2017. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published on June 8, 2017 via its SecurityList “OCR Quick Response Cyber Attack Checklist and Graphic.” The Checklist is entitled: My entity just experienced a cyber-attack! What do we do now? – A Quick-Response Checklist from the HHS, Office for Civil Rights (OCR).
The subject areas in this document, for which important is provided in the document, are:
Be sure to read the footnoted information pertaining to these headings, much of which relates to complying with the HIPAA Privacy and Security Rules and the HITECH Act Breach Notification Rule.
The Graphic is entitled: Cyber-Attack Quick Response. The Graphic asks: “Experienced a ransomware attack or other cyber-related security incident? This Cyber-Attack Quick Response guide will explain steps that a HIPAA covered entity or its business associate should take to respond.” The Graphic should be reprinted and posted in break rooms, discussed in workforce member meetings, and included as a specific topic in safeguard training sessions. HIPAA Integrity® provides written policies and procedures and guidance for complying with events that are covered in the Checklist and Graphic.