Ransomware and Healthcare Organizations

The Office for Civil Rights (OCR) appears to treat every ransomware event as a breach unless proven otherwise, because a successful ransomware incident affects all three aspects of data security (Confidentiality, Integrity, and Availability). Specifically:

There are, however, ways to demonstrate that the data is still safe and that the incident is not a breach. Organizations need to look at the following:

Specifically, the OCR Fact Sheet provides the following four investigation steps (at minimum) to determine whether there was a breach:

In the meantime: backup, backup, backup. It is always a good strategy to keep offline backups. In addition, test your backups manually; we have become too reliant on machines, and machines can be corrupted.

The author would love to hear your comments. Let us discuss on Twitter: @hashtaginfosec.