Daily News

HHS official clarifies breach notification requirements amid 'WannaCry' attack

May 18, 2017 |
Joshua Higgins
Bookmark and Share

A Department of Health and Human Services official is highlighting the department’s guidance on ransomware attacks in the aftermath of the “WannaCry” episode affecting international health organizations and other sectors, clarifying when ransomware incidents would require breach notifications and risk assessments.

Iliana Peters, senior adviser for Health Insurance Portability and Accountability Act compliance and enforcement at HHS’ Office of Civil Rights, said at Georgetown Law’s Cybersecurity Law Institute on Wednesday that “we presume a breach has occurred” when an HIPAA...


Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on cybersecurity policy under the Trump administration.

Log in to access this content.