Effective June 11, 2016, HHS issued new rulings regarding Ransomware. Previously, since breach of PHI could not be ascertained in Ransomware infections, reporting was not necessary. With the new rule changes, Ransomware reporting is mandatory.
The HHS findings can be found here: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Methodology on Report Filing can can be found here: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
The FBI has policies and guidelines regarding Ransomware that may be found here: https://www.justice.gov/criminal-ccips/file/872771/download