In most cases, yes. Federal guidance treats a ransomware attack on systems holding patient data as a presumed breach, because the data has been accessed or encrypted by an unauthorized party. That presumption can only be overcome with a documented risk analysis showing low probability that data was compromised. Strong safeguards and logging help you investigate and respond quickly.


Leave A Comment