Second Ever Ransomware Cyber-Attack Settlement

3/31/2024

On February 21, 2024, the OCR announced its second-ever ransomware cyber-attack settlement. The settlement resolved an OCR investigation of a Maryland-based behavioral health provider following a ransomware attack that affected the protected health information of more than 14,000 individuals. Cyber attackers infected the provider’s network server and encrypted company files and patient records. The OCR found multiple violations of HIPAA, including the failure to (i) have in place an accurate and thorough analysis to determine the potential risks and vulnerabilities to electronic protected health information; (ii) implement security measures to reduce risks and vulnerabilities to a reasonable and appropriate level; and (iii) have sufficient monitoring of its health information systems’ activity to protect against a cyber-attack. Under the terms of the settlement, the provider agreed to a $40,000 monetary settlement, implementation of a corrective action plan, and OCR monitoring for three years.

If you need assistance with your HIPAA compliance program, an OCR investigation, or a data breach incident, please contact:
Lani M. Dornfeld, CHPC | 973.403.3136 | ldornfeld@bracheichler.com

*This is intended to provide general information, not legal advice. Please contact the authors if you need specific advice.
