Reps. Ted Lieu, Will Hurd: HHS Should Require Health Providers to Notify Govt Agencies of Ransomware Attacks

electronic-health-record-EHRReps. Ted Lieu (D-California) and Will Hurd (R-Texas) have asked the Department of Health and Human Services to develop guidance that would require healthcare providers to immediately report cases of ransomware-related attacks to government agencies and information sharing and analysis organizations.

The lawmakers told Deven McGraw, deputy director for health information privacy at HHS’ office of civil rights, in a letter released Monday that the guidance should facilitate reporting of ransomware attacks to agencies and ISAOs in compliance with the disclosure requirements of the Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act.

The guidance should also direct health providers to immediately notify patients in cases where a denial of access to medical services or electronic health records occurs as a result of a ransomware attack, Hurd and Lieu wrote in the letter.

“We need to make clear that ransomware is not the same as conventional breaches,” Lieu said in a statement released Tuesday.

“Not only could this be a threat to privacy, but it could result in medical complications and deaths if hospitals can’t access patient information.”

Check Also

COVID-19 Analytics

State Dept’s COVID-19 Analytics Team Develops Repatriation Data Mgmt Tool

The State Department has created a data analytics team that works to provide actionable results from COVID-19 datasets and support the department’s repatriation efforts for Americans impacted by the pandemic overseas, Nextgov reported Tuesday.

Leave a Reply

Your email address will not be published. Required fields are marked *