The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this article explain the guidance and what to do if you are subject to a ransomware attack.
Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws
By Anthony A. Bongiorno and Michael G. Morgan on January 12, 2017
Anthony A. BongiornoAnthony (Tony) A. Bongiorno has extensive jury trial experience in a variety of commercial matters and serves as the partner-in-charge of the Firm’s Boston office. Tony has successfully tried cases in various federal and state courts around the country. In addition to his significant jury trial experience, Tony has also tried matters under the auspices of the American Arbitration Association, the International Centre for Dispute Resolution and the International Chamber of Commerce. Tony has represented clients in many industries, including energy, health care, biotech and construction. Read Anthony A. Bongiorno's full bio.
Michael G. MorganMichael Morgan is a leader of the Firm’s Global Privacy and Cybersecurity practice. Recognized as one of the nation’s leading lawyers in cyber incident response, Mike has guided clients through some of the largest and most complex data breaches, including state-sponsored attacks, breaches involving more than 50 million records, and incidents affecting persons in more than 100 countries around the world. He represents clients in the defense of breach-related government investigations and class action litigation as well as pre-breach planning and post-breach remediation. Read Michael Morgan's full bio.
Related Posts
- Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws
- HHS Issues Guidance on Requirements Under HIPAA for Online Tracking Technologies, Addressing Privacy and Security Concerns Related to Health Information
- FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope
- VIDEO: Transfers of Health Data from the European Union to the United States in a Post-Schrems II World
- COVID-19: FAQs on Employees Experiencing Symptoms and Employee Absences
BLOG EDITORS
STAY CONNECTED
TOPICS
ARCHIVES
RECENT POSTS
- GOP Calls Biden’s Medicare Plans a Tax Hike on Small Businesses
- The Bosses May Be Back in Charge (but Not as Much as They Think)
- Coverage of COVID-19 Vaccines and the End of the COVID-19 Emergency
- NLRB Attacks Non-Disparagement and Confidentiality Clauses in Employee Releases, Severance Agreements
- District Court Vacates Provisions of No Surprises Act Final Rule
