HHS reaches $100K ransomware settlement with healthcare org

Doctors' Management Services, a medical management company based in West Bridgewater, Mass., agreed to pay HHS and the Office for Civil Rights a $100,000 settlement due to a ransomware attack that affected the protected health information of 206,695 individuals, marking the first ransomware agreement OCR has made.

OCR conducted an investigation into the April 22, 2019, breach of the company's network and found that Doctors' Management failed to establish an assessment framework for identifying potential risks and vulnerabilities to electronic protected health information throughout the organization, according to an Oct. 31 news release from HHS.

The investigation also determined that Doctors' Management had insufficient monitoring of its health information systems. 

Under the settlement, OCR will monitor Doctors' Management for three years to ensure HIPAA compliance, and the company will implement a corrective action plan that addresses how it plans to protect patients' protected health information.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars