Home > Legal Updates > OCR issues guidance on cyber threat reporting and monitoring

OCR issues guidance on cyber threat reporting and monitoring

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently issued guidance on reporting and monitoring cyber threats. The guidance comes just five months after the U.S. Government Accountability Office (GAO) reported that data breaches involving medical records of 500 or more individuals are increasing, a trend that is expected to continue as technology continues to evolve. In connection with its report, the GAO pushed OCR to update its guidance on protecting electronic health information.

The guidance encourages covered entities and business associates to report any suspicious activity (cyber security incidents, cyber threat indicators and defensive measures, phishing incidents, malware and software vulnerabilities) to the U.S. Computer Emergency Readiness Team (US-CERT).

Read More