The HHS Office for Civil Rights, which enforces the HIPAA privacy and security rules, is developing guidance on how to react to a ransomware attack, and two members of Congress have chimed in with their own ideas.

In a letter to Deven McGraw, deputy director for health information privacy, Reps. Ted Lieu (D-Calif.) and Will Hurd (R-Texas) ask to raise issues that differentiate ransomware from conventional hacking. For instance, on the question of whether ransomware is a breach of protected health information if the information was not moved from where it is served but is not accessible, the lawmakers say yes.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access