A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals.
According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?
A . Department of Health and Human Services
B . The affected individuals
C . The local media
D . Medical providers
Answer: D
Explanation:
Reference: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf (page 6)