Office for Civil Rights unveils resources to help response to cyberattack
June 20, 2017
— A new checklist from the federal government offers resources to dentists in the event of a cyberattack.
from the U.S. Department of Health & Human Services Office for Civil Rights are available online.
The information is geared towards health care facilities, including dental practices, covered under the Health Insurance Portability and Accountability Act.
The checklist includes steps to take in the event of a cyberattack, such as mitigation procedures and reporting any breach of unsecured protected health information to the Office of Civil Rights.
The Office of Civil Rights, according to a news release, presumes all cyber-related security incidents where protected health information was accessed, acquired, used or disclosed are reportable breaches unless the information was encrypted by the entity at the time of the incident or the entity determines, through a written risk assessment, that there was a low probability that the information was compromised during the breach.
The HIPAA Security Rule requires HIPAA-covered entities and business associates to identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate; and document security incidents and their outcomes. The HIPAA Security Rule also requires HIPAA-covered entities and business associates to establish and implement contingency plans, including data backup plans, disaster recovery plans and emergency mode operation plans.
More information from the Office of Civil Rights on ransomware is available here
The ADA Center for Professional Success also has a resource on protecting practices from ransomware by visiting Success.ADA.org and searching for "ransomware."