Malware vs Health Care
Our team assisted a large health care system with a security incident involving malware attacking its computer systems. We helped the client obtain outside experts for its investigation using our contacts in the industry and developed a security incident response plan. We analyzed and advised on whether the incident rose to the level of a breach of unsecured protected health information under the HIPAA Security Breach Notification Rule. We also analyzed the applicable state breach notification laws and aided in the drafting of the required notifications to affected individuals and covered entities, the media, and regulatory bodies. We also assisted in the development of fact sheets and other materials that were used for internal and external communications regarding the incident.