Birmingham Medical News: Cyber Threats Equal Serious Threats

Articles / Publications

Reprinted with Permission from the Birmingham Medical News

Everywhere you look these days, there seems to be another report of cyber-attacks which do not discriminate based on industry type, size of business, or impact. In other words, everyone is vulnerable. In fact, the phrase, "it is not if it happens, it is when it happens" has become commonplace when discussing security incidents.

Given the number of incidents occurring within the healthcare industry, over the past few months, the Office of Civil Rights ("OCR"), the entity overseeing compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), and its implementing regulations, has issued extensive guidance on monitoring cyber threats and responding to cyber attacks. One theme throughout the OCR guidance is reporting the incident to various governmental authorities. However, while governmental reporting can have significant benefits, any disclosure of a cyber-incident needs to be carefully considered and analyzed.

In February, OCR issued guidance on reporting and monitoring cyber threats. In the February guidance, OCR encourages covered entities and business associates to report cyber security incidents, cyber threat indicators, and phishing incidents to the United States Computer Emergency Readiness Team ("US- CERT"), a branch within the Department of Homeland Security. US-CERT develops information on cyber security incidents, responds to incidents, and analyzes data regarding incidents. In addition, the February guidance encourages covered entities and business associates to sign up to receive email alerts from US-CERT regarding known patches and mitigations.

Download the full article, "Cyber Threats Equal Serious Threats" written by Kelli Carpenter Fleming.

Jump to Page

Contact Us

About Burr & Forman Cybersecurity & Data Privacy Law

Burr & Forman's experienced team helps clients navigate the complex cybersecurity and data privacy landscape with strategies designed to assess current risks, develop a corrective action plan, implement best practices, and provide immediate and appropriate responses to a cybersecurity breach.

We use cookies to improve your website experience, provide additional security, and remember you when you return to the website. This website does not respond to "Do Not Track" signals. By clicking "Accept," you agree to our use of cookies. To learn more about how we use cookies, please see our Privacy Policy.

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.