HIPAA and ransomware
The HIPAA Security Rule requires providers to take a number of steps to protect patient data, some of which can help covered entities and business associates prevent malware infections, according to HHS. These include:
Implementing a security management process, including a risk analysis to identify threats and vulnerabilities to electronic protected health information and implementing security measures to mitigate or remediate those identified risks
Implementing procedures to guard against and detect malicious software
Training users on malicious software protection so they can assist in detecting such software and know how to report detections
Implementing controls to limit access to electronic protected health information to only those persons or software programs requiring it

Source: HHS’ Office for Civil Rights, 2016