The U.S. Department of Health and Human Services has a graphic and guide explaining the steps a HIPAA covered entity must take in response to a cyber-related security incident.
When investigating a breach, HHS considers all steps an organization takes to mitigate harm.
In the event of a cyber attack, an organization
A copy of the graphic may be accessed here and a copy of the checklist may be accessed here.