New HIPAA Guidance on Ransomware Attacks and ePHI Security

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has released new HIPAA guidance about how HIPAA-beholden entities can better equip themselves to deal with ransomware attacks. Ransomware is a targeted kind of malware attack that takes data 'hostage.' The attackers responsible then give the organization a countdown to a time at which they expect to receive a 'ransom' in exchange for restored access [...]