New HIPAA guidance on ransomware in healthcare


The U.S. Department of Health and Human Services (HHS) recently released new Health Insurance Portability and Accountability Act (HIPAA) guidance on dealing with ransomware for healthcare entities and business associates.

The new information is especially important as the frequency of daily ransomware attacks has increased significantly since 2015 (4,000 per day in 2016, 1,000 per day in 2015). The guidance states that healthcare orgs must report ransomware attacks to the HHS and includes recommended security measures to protect against malware.

Learn more about the HHS guidance and its implications in Thu Pham’s new blog.