The HHS checklist offers general, step - by - step guidance for healthcare providers in the event of a security incident that includes: (1) immediately executing response procedures and contingency plans to fix technical problems to stop a security incident; (2) reporting a security incident to appropriate law enforcement agencies; (3) reporting all
cyber threat indicators to federal and information - sharing analysis organizations; and (4) reporting a
breach to the HHS as soon as
possible (but no later than 60 days after the discovery of a
breach affecting 500 or more individuals).