The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this article explain the guidance and what to do if you are subject to a ransomware attack.
Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws
By Anthony A. Bongiorno and Michael G. Morgan on January 12, 2017

Anthony (Tony) A. Bongiorno has extensive jury trial experience in a variety of commercial matters and serves as the partner-in-charge of the Firm’s Boston office. Tony has successfully tried cases in various federal and state courts around the country. In addition to his significant jury trial experience, Tony has also tried matters under the auspices of the American Arbitration Association, the International Centre for Dispute Resolution and the International Chamber of Commerce. Tony has represented clients in many industries, including energy, health care, biotech and construction. Read Anthony A. Bongiorno's full bio.

Michael Morgan is a leader of the Firm’s Global Privacy and Cybersecurity practice. Recognized as one of the nation’s leading lawyers in cyber incident response, Mike has guided clients through some of the largest and most complex data breaches, including state-sponsored attacks, breaches involving more than 50 million records, and incidents affecting persons in more than 100 countries around the world. He represents clients in the defense of breach-related government investigations and class action litigation as well as pre-breach planning and post-breach remediation. Read Michael Morgan's full bio.
Related Posts
- Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws
- FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope
- VIDEO: Transfers of Health Data from the European Union to the United States in a Post-Schrems II World
- COVID-19: FAQs on Employees Experiencing Symptoms and Employee Absences
- 7 Tips to Avoid Compliance Missteps During Open Enrollment
BLOG EDITORS
STAY CONNECTED
TOPICS
ARCHIVES
RECENT POSTS
- Employers, Employees Search for Answers After Dobbs Decision
- ESOP Litigation: Latest Trends and Questions
- US Supreme Court Ruling Complicates Abortion Insurance Coverage
- Conflicting State Laws and ‘Unpredictable’ Enforcement Await Providers in Post-Roe America
- California Supreme Court Clarifies Whether Missed-Break Premiums Are ‘Wages’ That Trigger Derivative Penalties

