HHS settles data breach investigation

Image via Unsplash

The U.S. Department of Health and Human Services (HHS) settled data breach charges alongside the Office for Civil Rights (OCR).

On April 22, 2019, Doctors’ Management Services filed a breach report with HHS stating that approximately 206,695 individuals were affected when their network server was infected with GandCrab ransomware. The initial unauthorized access to the network occurred on April 1, 2017. Doctors’ Management Services did not detect the intrusion until December 24, 2018, after ransomware was used to encrypt their files.

Other findings included insufficient monitoring of its health information systems’ activity to protect against a cyberattack, and a lack of policies and procedures in place to implement the requirements of the HIPAA Security Rule to protect the confidentiality, integrity and availability of electronic protected health information.

Under the terms of the settlement agreement, OCR will monitor Doctors’ Management Services for three years to ensure compliance with HIPAA. In addition, Doctors’ Management Services has agreed to pay $100,000 to OCR and to implement a corrective action plan, which identifies steps that Doctors’ Management Services will take to resolve potential violations of the HIPAA Privacy and Security Rules and protect the security of electronic protected health information.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.

ON DEMAND: Apple Mac computer use is growing in the corporate space. Having the solutions and the knowledge base to respond to events that include Mac computers is just as important as their Windows counterparts.