Deven McGraw, deputy director for health information privacy at HHS’ OCR, told Bloomberg BNA the guidance will clarify when a ransomware attack is considered a data breach, a currently murky designation, as ransomware generally just encrypts and prevents access to data instead of extracting the data.
So far, healthcare organizations have not reported ransomware events as breaches, according to the report. However, Ms. McGraw told Bloomberg BNA ransomware events will likely be considered breaches because healthcare organizations still lose control of their data in these events.
More articles on ransomware:
House of Representatives targeted in ransomware attempts
First known ransomware attack in 1989 also targeted healthcare
FBI: Hospitals must take ransomware threat seriously
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
