HHS Issues Ransomware Guidance

HHS issued Ransomware guidance recently that clarified that a ransomware attack involving ePHI (electronic Protected Health Information) is a HIPAA breach unless the Covered Entity of Business Associate can demonstrate that there is a low probability that the PHI has been compromised. Ransomware is a […]

LoadingAdd to favorites

OCR Crosswalk Between NIST Cybersecurity Framework and the HIPAA Security Rule

Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity was issued by President Obama in 2013, and called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable, performance-based, and cost-effective.” In response, the National Institute of Standards […]

LoadingAdd to favorites

The NIST Cybersecurity Framework

Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, was issued by President Obama in 2013, and called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable, performance-based, and cost-effective.” In response, the National Institute of […]

LoadingAdd to favorites