In this section, you will find educational materials specifically designed to give HIPAA covered entities and business associates insight into how to respond to a cyber-related security incidents. Cyber Security Checklist and Infographic This guide and graphic explains, in brief, the steps for a HIPAA covered entity or its business associate to take in response to a cyber-related security incident. Cyber Security Checklist Cyber Security Infographic [GIF 802 KB] Ransomware Guidance HHS has developed guidance to help covered entities and business associates better understand and respond to the threat of ransomware. Ransomware National Institute of Standards and Technology (NIST) Cybersecurity Framework This crosswalk document identifies “mappings” between NIST’s Framework for Improving Critical Infrastructure Cybersecurity and the HIPAA Security Rule. NIST Cyber Security Framework to HIPAA Security Rule Crosswalk OCR Cyber Awareness Newsletters In 2019, OCR moved to quarterly cybersecurity newsletters. The purpose of the newsletters remains unchanged: to help HIPAA covered entities and business associates remain in compliance with the HIPAA Security Rule by identifying emerging or prevalent issues, and highlighting best practices to safeguard PHI. Visit our Cybersecurity Newsletter Archive page to view previous newsletters from 2016. October 2022 OCR Cybersecurity Newsletter: HIPAA Security Rule Security Incident Procedures Quarter 1 2022 OCR Cybersecurity Newsletter: Defending Against Common Cyber-Attacks Fall 2021 OCR Cybersecurity Newsletter: Securing Your Legacy [System Security] Summer 2021 OCR Cybersecurity Newsletter: Controlling Access to ePHI: For Whose Eyes Only? Summer 2020 OCR Cybersecurity Newsletter: HIPAA and IT Asset Inventories Fall 2019 OCR Cybersecurity Newsletter: What Happened to My Data?: Update on Preventing, Mitigating and Responding to Ransomware Summer 2019 OCR Cybersecurity Newsletter: Managing Malicious Insider Threats Spring 2019 OCR Cybersecurity Newsletter: Advanced Persistent Threats and Zero Day Vulnerabilities Sign up for the OCR Security Listserv to receive the OCR Cyber Awareness Newsletters in your email inbox. Frequently Asked Questions for Professionals - Please see the HIPAA FAQs for additional guidance on health information privacy topics.