Experts: There’s no gray area with ransomware breach reporting
Partners Steve Gravely and Erin Whaley were quoted in an article in HealthCare IT News about updated ransomware breach reporting guidelines released by the Office of Civil Rights (OCR). “OCR guidance is very clear on what the HIPAA Breach Notification Rule requires in the event of a ransomware attack,” said Gravely. “I don’t think that there is any ambiguity in the OCR guidance.” “Organizations must start with the presumption that ransomware is a breach – even though there may be facts that might contradict that assumption,” Whaley said.