White House chief medical advisor Dr. Anthony Fauci reported in late April that the U.S. is out of the pandemic phase despite a continuing uptick in COVID-19 cases driven by the growth of the Omicron subvariant BA.2. In May 2022, the New York Times is reporting a “threefold” increase in new cases since early April, with case reports in much of the Northeast and Midwest higher than they were during the summer of 2021’s peak Delta surge. Although COVID-related hospitalizations have also increased significantly since the beginning of May, they remain far lower than they have been in any prior surge.

Still, whether cases and hospitalizations are surging or in decline in our “new normal” transitional phase of living with COVID, hospitals and healthcare providers must continue to be vigilant about how resources such as medical supplies, medications, hospitalization, and long-term or critical care are allocated to avoid claims of disability discrimination in violation of Section 504 of the Rehabilitation Act and Section 1557 of the Affordable Care Act.

Earlier this year, the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) issued important guidance to covered healthcare entities regarding civil rights protections for persons with disabilities. An overview of this guidance with related recommendations can be found in the Client Alert we published at that time.

In light of the ongoing conflict in Ukraine and the consequential global impacts and destabilization, the Department of Health and Human Services (HHS) continues to caution about escalating threats of cyberattacks. In early March 2022, HHS issued a bulletin warning those in the U.S. healthcare sector of the potential threats of cyberattacks by Russia and those aligned with it.

In particular, HHS warned of threats by one of the most prominent cybercriminal groups to publicly support Russia, the Conti ransomware operators. Historically, this group has been known to target U.S. healthcare organizations with threats including Managed Service Provider compromises, big game hunting, multi-stage attacks (leveraging other malpractice variants as part of the attack), and double and triple extortion (data theft combined with a ransomware attack). Healthcare providers of all sizes and types should therefore continue to be familiar with the various types of potential attacks, which are discussed in the HHS bulletin.

To assist our healthcare sector clients, we have previously written about steps taken by the federal government to help private entities stay vigilant, including the passage of the Strengthening American Cybersecurity Act and the Statement by President Biden on our Nation’s Cybersecurity. Entities in the healthcare sector would be well advised to remain on guard and continue to implement protocols and other measures to protect their organizations from cyberattacks.