Last month, more than seven years after it first issued guidance
on ransomware and the implication of such attacks under HIPAA, the
Office for Civil Rights announced its first settlement involving a
ransomware attack.
Doctors' Management Services, a business associate, will pay
OCR $100,000 to resolve a breach stemming from a 2018 ransomware
attack that impacted 206,695 individuals.
The settlement serves as a reminder to covered entities and
business associates to stay diligent of ransomware attack risks and
monitor their vulnerabilities. Notably, OCR's press release
announcing the settlement included a link to a video from the
agency explaining how compliance with the HIPAA security rule can
help prevent ransomware attacks.
"Our settlement highlights how ransomware attacks are increasingly common and targeting the health care system."
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
