Reps. Ted Lieu (D-Calif.) and Will Hurd (R-Texas) encouraged the Department of Health and Human Services to develop guidance for healthcare providers to use when responding to ransomware attacks under the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Health Insurance Portability and Accountability Act (HIPAA).
Lieu and Hurd expressed their desire in a letter to Deven McGraw, deputy director of the Office of Civil Rights for HHS. The correspondence also urged HHS to treat ransomware attacks as a data breach under HITECH regulations. They also considered a ransomware attack more severe that a simple data breach.
“In a normal breach, personal health information is either viewed or stolen, infringing the privacy rights of the patient,” the congressmen wrote. "Ransomware, however, denies access to health records or information technology functions that enable the provider to offer healthcare services." They added that there is also an element of danger to the patient with ransomware.
