Massachusetts-based medical management company Doctors’ Management Services will pay the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) $100,000 in a settlement over a ransomware attack.
The HIPAA Privacy, Security, and Breach Notification Rules require HIPAA-regulated entities to protect the privacy and security of health information. The $100,000 settlement resolves a large breach report regarding a ransomware attack that affected the electronic protected health information of 206,695 individuals, Healthcare Finance reports.
On April 22, 2019, Doctors’ Management Services filed a breach report with HHS saying that about 206,695 people were affected when their network server was infected with GandCrab ransomware. The initial unauthorized access to the network occurred on April 1, 2017, but Doctors’ Management Services didn’t detect the intrusion until December 24, 2018, after ransomware was used to encrypt their files. In April 2019, OCR began its investigation.
This marks the first ransomware agreement OCR has reached, the agency said.