Is Ransomware Reportable Under HIPAA Requirements?

The Office for Civil Rights (OCR) states that “When electronic protected health information (ePHI) is encrypted as the result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information), and thus is a “disclosure” not permitted under the HIPAA Privacy Rule,”.  Bad guys having control over your data and blackmailing you to retrieve the decryption keys qualifies as a breach.

F1 Solutions Performs Risk Assessments

As a reminder to those of you that fall under some kind of government compliance requirements, F1 Solutions can help you through the risk assessment and remediation process.  F1 is a leader in the Huntsville and North Al area and has the Information Technology security expertise that is essential to the regulatory compliance process.

What is F1 doing to be compliant?

Many of our clients fall under some type of government regulations due to the sensitivity or the data that they store, process or transmit.  Because F1 Solutions has unique access to client networks and manages clients in the Healthcare, Financial, Government Contracting, Infrastructure, and Retail industries, we decided years ago to strengthen our own data protections to better support you.

Need help finding ways to reduce business costs? Our FREE eBook has the answer.Learn more here