4 Steps Physician Groups Need to Take After a Cyber Breach

The Department of Health and Human Services has created a checklist to help HIPAA-covered entities determine the appropriate steps to make in the event of a cyber-related security incident. Below is a summary of the steps and obligations regarding entities subject to HIPAA rules and the data that must be protected under law.


1. Execute the incident response and contingency plan

The response plan should be a designed set of instructions that helps physician groups prepare for, detect, respond to, and recover from cyber-related incidents. These plans are primarily technology driven: they address malware detection, data theft, and service outages, and they assign roles to departments such as HR, finance, and customer service. In short, it is a "who does what and when" plan.

2. Report the crime to the appropriate law enforcement agency

This may include state or local law enforcement, the FBI, or the Secret Service. Swift reporting can help facilitate the recovery of lost funds. Reports should not include PHI unless otherwise permitted under HIPAA.


3.Report all cyber threat indicators to federal and information-sharing and analysis organizations

Examples include the Department of Homeland Security, the HHS Assistant Secretary for Preparedness and Response, and private-sector cyber threat ISAOs.


4.Report the breach to affected patients and to office for civil rights (OCR) as soon as possible

If the breach affects 500 or more patients, the practice must notify the affected patients, OCR, and the media no later than 60 days after discovery of the breach, unless law enforcement has requested a delay in reporting. If the breach affects fewer than 500 patients, the practice must notify the affected individuals without unreasonable delay, and no later than 60 days after discovery of the breach, and must notify OCR within 60 days after the end of the calendar year in which the breach was discovered.


Contact us today to connect with a cyber expert on our team, who can help you make sure you have appropriate coverage and can walk you through the steps you need to take after a cyber breach.



This material has been prepared for informational purposes only and was generated from information provided to BKS from the client and/or third-party sources. Therefore, BKS makes no warranty or representation(s) as to the accuracy or appropriateness of the data and/or the analysis herein. This information is not intended to provide, and should not be relied on for, tax, legal or accounting advice. You should consult your tax, legal and accounting advisors for those services.
