file folders with Patient Health Records label and Confidential stamp

With the relatively recent development of ransomware, the Department of Health and Human Services' Office has started developing guidance for how to handle ransomware attacks in circumstance in which information that may be protected under HIPAA security rules could be compromised. Currently the recommended course of action is to determine whether or not the information has only been encrypted or if the files were actually copied, infiltrated or extracted in anyway. More information on the development of the relationship between ransomware and HIPAA is located at http://www.healthcareinfosecurity.com/interviews/determining-if-ransomware-attack-reportable-breach-i-3208.