SRA Tool Overview and Feedback

Please join us for a webinar session about the Security Risk Assessment (SRA) Tool this September. The Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services are hosting a new webinar for users of the Security Risk Assessment Tool. Learn about the SRA Tool and how it can be used at your organization, hear about upcoming enhancements, ask questions, and give feedback during the SRA Tool Webinar.

2021 Hurricane Ida & HIPAA Bulletin: Limited Waiver of HIPAA Sanctions and Penalties During a Declared Emergency

Severe  disasters – such as Hurricane Ida – impose additional challenegs on health care providers. Often questions arise about the ability of entities covered by the HIPAA regulations to share individuals’ health information, including with friends and family, public health officials, and emergency personnnel. As summarized in more detail below, the HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts, and to assist patients in receiving the care they need.


FACT SHEET: Biden Administration and Private Sector Leaders Announce Ambitious Initiatives to Bolster the Nation’s Cybersecurity

Today, President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats. Recent high-profile cybersecurity incidents demonstrate that both U.S. public and private sector entities increasingly face sophisticated malicious cyber activity. Cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the pocketbooks of middle-class families. Compounding the challenge, nearly half a million public and private cybersecurity jobs remain unfilled.

National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems

Protection of our Nation’s critical infrastructure is a responsibility of the government at the Federal, State, local, Tribal, and territorial levels and of the owners and operators of that infrastructure. The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation. The degradation, destruction, or malfunction of systems that control this infrastructure could cause significant harm to the national and economic security of the United States.



Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches

Over the past several years, the Cybersecurity and Infrastructure Security Agency (CISA) and our partners have responded to a significant number of ransomware incidents, including recent attacks against a U.S. pipeline company and a U.S. software company, which affected managed sesrvice providers (MSPs) and their downstream customers.