The HIPAA Breach Notification Rule (45 CFR 164.400-414) is the US legal framework that requires HIPAA covered entities (health plans, healthcare clearinghouses, and most healthcare providers) and their business associates, including subcontractors that handle protected health information (PHI) on their behalf, to notify affected individuals, the Secretary of HHS, and in some cases the media after a breach of unsecured PHI. A breach is not just any security event: it is an unauthorized acquisition, access, use, or disclosure of unsecured PHI that compromises its privacy or security, and the rule presumes such an event is a breach unless a documented risk assessment shows a low probability that the PHI was compromised. "Unsecured" means the PHI was not rendered unusable, unreadable, or indecipherable to unauthorized persons by a method HHS has specified, which in practice means encryption or destruction. Notifications to individuals must go out without unreasonable delay and no later than 60 calendar days after the breach is discovered, and breaches affecting more than 500 residents of a state or jurisdiction additionally require notice to prominent media and prompt reporting to HHS.
This rule matters because healthcare incidents often involve highly sensitive records such as diagnoses, medications, insurance details, and contact information. In ransomware and data-extortion cases the analysis is not simply whether the attacker encrypted PHI or also read or exfiltrated it: under HHS Office for Civil Rights guidance, ransomware encryption of electronic PHI is itself treated as an unauthorized acquisition and presumed to be a reportable breach unless the organization can show through a risk assessment that there is a low probability the data was compromised. Defenders use logs, endpoint evidence, and forensic review to establish which systems and records the attacker touched and whether data left the environment, while legal and privacy teams use that evidence to decide whether notification is required, how many individuals are affected, and whether the data was "secured" in the rule's sense, so that, for example, a lost laptop whose disk was encrypted to HHS-recognized standards and whose key was not exposed does not trigger notification. The rule turns a technical intrusion into a compliance and patient-trust issue, and the quality of the forensic record determines how defensible the resulting notification decision is.