We had a security incident (malware, intrusion, or lost device)

Activate your incident plan, preserve evidence, and involve legal counsel early.

  1. Contain and isolate

    Disconnect affected systems if needed. Do not wipe drives until counsel or forensics advises — evidence matters.

  2. Engage counsel and forensics

    Attorney-client privilege can protect parts of the investigation. Forensics helps prove whether PHI was accessed.

  3. Notify insurers and leadership

    Cyber policies often have short notice windows. Brief executives under NDA as appropriate.

  4. Prepare customer and regulatory notifications

    If PHI was involved, your BAA and HIPAA may require customer notice and a breach risk assessment.

Important

The difference between an unsuccessful attack and a reportable breach depends on facts — not hope.

Not legal advice. Follow your organization's policies and consult counsel for legal questions.