Calfee, Halter & Griswold LLPOffice for Civil Rights Issues Cyber-Attack Response Checklist

June 13, 2017

The worldwide WannaCry ransomware attack that began in Europe on May 12, 2017 may still be fresh on your memory. On June 9, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a quick-response checklist for Health Insurance Portability and Accountability Act (HIPAA) Covered Entities and Business Associates who experienced a ransomware attack or other cyber-related security incident. The checklist requires that, in the event of such an incident, the affected entity should:

  • Execute its existing response and mitigation procedures and contingency plans (mandatory);
  • Report the crime to the appropriate law enforcement agencies, which may include state or local law enforcement, the FBI and/or the Secret Service;
  • Report all cyber threat indicators to federal and information-sharing and analysis organizations (ISAOs); and
  • Report the breach to OCR as soon as possible (mandatory). 

The full checklist and an infographic can be found here:
Checklist / Infographic

OCR considers all mitigation efforts taken by the entity during any particular breach investigation, including voluntary sharing of breached-related information with law enforcement agencies and other federal and analysis organizations. As a result, it is important for Covered Entities and Business Associates to understand the procedures on OCR’s checklist.

Sign-Up for future First Alerts

For additional information and discussion on this topic, please get in touch with your regular Calfee contact or one of the attorneys listed below:

This alert is provided by Calfee, Halter & Griswold LLP for education and information purposes only. This alert is not intended to provide legal advice on specific subjects. The resolution of legal issues depends upon the specific facts of a particular situation and the laws involved and prior results do not guarantee a similar outcome. This alert may be considered advertising under applicable laws. Some links within this alert may lead to web sites. Calfee, Halter & Griswold LLP does not necessarily sponsor, endorse or otherwise approve of the materials appearing in such sites. All trademarks and copyrighted material are the property of their respective owners and the use of such material in this alert, articles, or by Calfee, Halter & Griswold LLP is for informational purposes only and does not indicate sponsorship or endorsement by the trademark or copyright holder of either Calfee or the content of this alert.