Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws



Amy Gordon, Ann Killilea, Michael Morgan, Susan Nash, and Angela Stockbridge wrote this bylined article on new HIPAA guidance to covered entities and business associates on dealing with ransomware attacks. The guidance “establishes a floor for the security of electronic protected health information, although additional and/or more stringent security measures are certainly permissible and may be required under state law,” the authors wrote.