The HHS cybersecurity best practices serve as a guide healthcare organizations can adopt to improve their security posture. One of these best practices is security incident response.  HIPAA requires healthcare organizations to report security incidents to the Office for Civil Rights (OCR). HIPAA defines a security incident as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or [...]