A June 12 article in Bloomberg BNA's Privacy Law Watch and other publications, "HHS Offers Health-Care Companies Cyberattack Response Checklist," reported that the Department of Health and Human Services' Office for Civil Rights (OCR) is stepping up efforts to help healthcare companies deal with cyberattacks with a checklist of steps to take in response to the threats. Day Pitney healthcare lawyer Eric Fader was quoted in the article.

The new checklist and the OCR's prior published guidance on ransomware highlight the agency's interest in educating healthcare providers and helping them with their HIPAA compliance, Eric told Bloomberg BNA, pointing out that the OCR is "not simply lying in the weeds waiting to penalize those who suffer cyberattacks and other breaches." He added, "I think at this point most larger health-care organizations were already aware of their obligations, including mitigation in the event of a breach, but with each public communication, the OCR is catching the attention of a few additional smaller providers who may have been sleeping through the ever-increasing media coverage of cyberrisks and data breaches."