Experienced a ransomware attack or other cyber-related security incident?

This Cyber-Attack Quick Response guide will explain the steps that a HIPAA-covered entity or its Business Associate should take to respond.

Phone Security

  1. The entity must execute response and mitigation procedures, and contingency plans.
Report Cyber Attack
Report Crime

2. The entity should report the crime to criminal law enforcement agencies.

Report Theat

3. The entity should report all cyber threat indicators to the appropriate federal agencies and ISAOs.

Assess Cyber Attack
Assess Cyber Attack

4. The entity must assess the incident to determine if there is a breach of protected health information.