California's Attorney General recently issued guidance for healthcare providers and facilities. The guidance serves as a reminder to comply with data privacy laws and with California Civil Code section 1798.82, which requires entities to report certain breaches to the AG's office. Specifically, they must notify the California DOJ when they suffer a breach involving health data of over 500 California residents.
The healthcare sector has recently been the main target of cyber attacks, including a number of ransomware attacks. The AG also urged entities to take proactive steps, including: (1) appropriate security measures and updates, (2) regular data security training, (3) restrictions on downloads of unapproved software, and (4) maintaining and testing a data backup and recovery plan.
“Entities entrusted with private and deeply personal data, like hospitals and other healthcare providers, must secure information against evolving threats,” said Attorney General Bonta. “California law mandates that data breaches impacting more than 500 of our residents be reported to the California Department of Justice. In addition, I implore all entities that house confidential health-related information to be vigilant and take steps now to protect patient data, before a potential cyberattack.”