HIPAA Cyber Attack Response Checklist: Under the Health Insurance Portability and Accountability Act (HIPAA), a covered entity that experiences a ransomware attack or other cyber-related security incident must take immediate steps to prevent or mitigate any impermissible release of protected health information (PHI). The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a checklist to help HIPAA-covered entities determine the specific steps they must take in the event of a data breach. Entities subject to HIPAA should become familiar with the OCR’s checklist and other guidance for handling cyber security breaches involving PHI. These entities should also ensure they have plans for mitigating the effects of breaches.