top of page

Hacked? Now What?

Admin

The HHS Office of Civil Rights published this brief checklist of what to do if your practice experiences a cyber attack or similar incident.


While the linked PDF goes into some more detail, the broad steps are:

  • The entity must execute its response and mitigation procedures and contingency plans.

  • Report the crime to other law enforcement agencies, which may include state or local law enforcement, the Federal Bureau of Investigation (FBI), and/or the Secret Service.

  • Report all cyber threat indicators to federal and information-sharing and analysis organizations (ISAOs), including the Department of Homeland Security.

  • Must report the breach to OCR as soon as possible, but no later than 60 days after the discovery of a breach affecting 500 or more individuals, and notify affected individuals and the media unless a law enforcement official has requested a delay in the reporting.

The document also points out that "OCR considers all mitigation efforts taken by the entity during in any particular breach investigation. Such efforts include voluntary sharing of breach-related information with law enforcement agencies and other federal and analysis organizations as described above."


6 views
bottom of page