Reps. Ted Lieu, Will Hurd: HHS Should Require Health Providers to Notify Govt Agencies of Ransomware Attacks

electronic-health-record-EHRReps. Ted Lieu (D-California) and Will Hurd (R-Texas) have asked the Department of Health and Human Services to develop guidance that would require healthcare providers to immediately report cases of ransomware-related attacks to government agencies and information sharing and analysis organizations.

The lawmakers told Deven McGraw, deputy director for health information privacy at HHS’ office of civil rights, in a letter released Monday that the guidance should facilitate reporting of ransomware attacks to agencies and ISAOs in compliance with the disclosure requirements of the Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act.

The guidance should also direct health providers to immediately notify patients in cases where a denial of access to medical services or electronic health records occurs as a result of a ransomware attack, Hurd and Lieu wrote in the letter.

“We need to make clear that ransomware is not the same as conventional breaches,” Lieu said in a statement released Tuesday.

“Not only could this be a threat to privacy, but it could result in medical complications and deaths if hospitals can’t access patient information.”

You may also be interested in...

Cybersecurity and

CISA Provides Physical Security Guidance for COVID-19 Vaccine Distribution Satellite Clinics

The Cybersecurity and Infrastructure Security Agency (CISA) has published a document to support the physical security of COVID-19 vaccine distribution points. CISA developed the guide to help POD managers strengthen their facilities' security and ensure that vaccine delivery is not interrupted by physical security threats. The agency also released an infographic to guide the security of COVID-19 vaccine distribution in general.

Leave a Reply

Your email address will not be published. Required fields are marked *