Latham & Watkins Discusses How Healthcare Firms Can Prepare for the Next Cyberattack

On June 2, 2017, in the wake of the widespread cyberattack caused by the WannaCry ransomware cryptoworm, the US Department of Health & Human Services (HHS), Office for Civil Rights (OCR) added to its arsenal of cybersecurity guidance a checklist to assist HIPAA Covered Entities and Business Associates in responding to cyber-related security incidents (the Cybersecurity Checklist).1 The Cybersecurity Checklist focuses on entities’ execution of their incident response plans as well as external reporting obligations, and encourages entities to perform certain mitigating efforts, including sharing information with private-sector information-sharing and analysis organizations (ISAOs). In addition, recent OCR enforcement matters … Read more