200 word plus.. 3 references

You are part of a CSIRT (Cybersecurity Incident Response Team) in your organization.  Your team’s responsibility is to develop  and to provide incident response services to your clients.  While performing your standard dutties as a Pentester you have discovered that not only is your Web server vulnerable but it has been breached by an APT actor.The breach has exposed PII and PHI  information that is regulated under HIPAA.  Your employer ‘ABC Company’, provides pharmacutical perscriptions to nursing home patients under a government contract and operates in California, NewYork, and Maryland. 

Your job on the CSIRT is to determine the regulatory procedures to be followed for Incident Response and the legal requirements for reporting the compromise. 

Your task is to write the guidelines ABC Company will follow to meet requlatory compliance on reporting the incident.

(Notes:  You will have to do research on HIPAA reporting requirements, federal,  and state regulations on breach reporting.)

The HIPAA Breach Notification Rule, 45 

Minimum 200 words, use at least 3 references.  Be professional.