The U.S. Office for Civil Rights (OCR) has issued guidance urging physicians and other HIPAA-covered entities and their business associates to report any suspicious cyber activity to the U.S. Computer Emergency Readiness Team (US-CERT). You should report phishing, malware, and other cyber security incidents and vulnerabilities.
“The nation’s health care system is part of the national infrastructure that has increasingly come under attack from cyber threats,” OCR said. “This type of information sharing is one of the many opportunities … to protect the entire health care system from cybersecurity threats.”
You can use US-CERT’s secure form to report suspicious cyber activity. Include technical information in the report, but do not include any protected health information, which would be a HIPAA violation.
Find more security guidance on the U.S. Department of Health and Human Services (HHS) and US-CERT websites. See also:
Published March 15, 2017
TMA Practice E-Tips main page
Last Updated On
March 16, 2017
Originally Published On
March 15, 2017