California's Attorney General recently issued guidance for healthcare providers and facilities. The guidance serves as a reminder to comply with data privacy laws and with California Civil Code section 1798.82, which requires entities to report certain breaches to the AG's office. Specifically, they must notify the California DOJ when they suffer a breach involving health data of over 500 California residents.
The healthcare sector has recently been the main target of cyber attacks, including a number of ransomware attacks. The AG also urged entities to take proactive steps, including: (1) appropriate security measures and updates, (2) regular data security training, (2) restrictions on downloads of unapproved software, and (4) maintaining and testing a data backup and recovery plan.