Healthcare News
Articles, Jobs and Consultants for the Healthcare Professional
Home      View Jobs     Post Jobs     Library     Advertise     Plan Financials     About     Subscribe     Contact    
Healthcare News
Richard S. Cooper. Esq., Member, McDonald Hopkins LLC

DOJ Cybersecurity Unit Releases Updated Best Practices for Victim Response and Cyber Incident Reporting

By Richard S. Cooper, Esq.
McDonald Hopkins LLC

See all this Month's Articles

Original Publish Date: November 6, 2018

Last month, the Cybersecurity Unit of the Department of Justice released its updated Best Practices for Victim Response and Reporting of Cyber Incidents, which outlines recommended steps to prepare for and respond to cyber incidents.

Preparation for Cyber Incidents

The guidance recommends the following pre-planning steps before a cyber intrusion or attack occurs:

After Detection of a Cyber Incident

The guidance describes the following steps in response to a cyber incident, and expresses the expectation that these issues will be addressed in the incident response plan:

  1. Immediately assess the nature and scope of the incident
  2. Implement measures to minimize continuing damage
  3. Record and collect information
  4. Notify appropriate points of contact within the organization, as well as law enforcement, regulators and other victims.

The guidance adds the following steps after a cyber incident appears to be resolved:

In addition, the security incident should be analyzed to determine what notifications (if any) are required under relevant contracts and law, such as the HITECH Breach Notification Rule if protected health information (PHI) is involved, and state law.

The importance of effective incident response planning is clear from this guidance and from observations of others within private and public sectors. In particular, the Department of Health and Human Services Office for Civil Rights has identified incident response planning as a priority for HIPAA covered entities and business associates.

Mr. Cooper provides legal representation to a broad range of hospitals, other healthcare facilities and physician groups across the United States. He has been listed in The Best Lawyers in America for health law for twenty-three consecutive years and selected for inclusion in Ohio Super Lawyers (2005-2015).

Visit the McDonald Hopkins LLC web site at