Indiana-based Schneck Medical Center failed to protect the personal health information of nearly 90,000 people in a September 2021 ransomware attack and data breach, the state of Indiana said in a HIPAA enforcement lawsuit, Bloomberg reports.
The hospital, known formally as Jackson County Schneck Memorial Hospital, failed to take adequate measures to protect patients’ information despite having actual knowledge of deficiencies in its data-security systems following a December 2020 risk analysis that brought many critical security issues to light, the state alleged.
Schneck Medical Center said in a statement that it had reached an agreement with the Indiana attorney general’s office to pay the state $250,000 for the breach. Read more.