If a healthcare organization's computers are infected with ransomware, the government considers it a data breach unless there’s a “low probability” information has been compromised, according to much-anticipated guidance on ransomware and HIPAA from the Health and Human Services Department’s Office for Civil Rights.
“The guidance makes clear that a ransomware attack usually results in a ‘breach’ of healthcare information under the HIPAA Breach Notification Rule,” adds OCR Director Jocelyn Samuels in an announcement on the guidance.
Read Full Article »
