Printer Friendly, PDF & Email

Security Checklist: OCR Advice on Preparing, Responding to Incidents

A “timely response” to a cybersecurity incident is one of the best ways to prevent, mitigate and recover from cyberattacks, according to HHS Office for Civil Rights (OCR). In addition, reporting any breach must occur “without reasonable delay,” OCR reminded HIPAA-regulated entities.

In its October 2022 OCR Cybersecurity Newsletter, OCR explained that “security incidents will almost inevitably occur during the lifetime of a regulated entity” and spelled out recommended procedures for HIPAA-covered health care entities to follow.[1] “Having a plan established and documented is essential to being able to detect security incidents quickly in order to respond to and recover from security incidents effectively,” OCR said.

Cybersecurity incidents and data breaches have continued to increase across all industries, including health care, OCR said, noting that a 2022 report noticed a 42% increase in cyberattacks for the first half of 2022 compared to 2021 and a 69% increase in cyberattacks targeting the health care sector.

“The number of data breaches occurring in the health care sector also continue to rise,” OCR wrote. “Breaches of unsecured protected health information (PHI), including [electronic] ePHI, reported to …OCR affecting 500 or more individuals increased from 663 in 2020 to 714 in 2021. Seventy-four percent (74%) of the breaches reported to OCR in 2021 involved hacking/IT incidents. In the health care sector, hacking is now the greatest threat to the privacy and security of PHI.”

This document is only available to subscribers. Please log in or purchase access.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field