The U.S. Department of Health and Human Services (HHS) settled data breach charges alongside the Office for Civil Rights (OCR).
On April 22, 2019, Doctors’ Management Services filed a breach report with HHS stating that approximately 206,695 individuals were affected when their network server was infected with GandCrab ransomware. The initial unauthorized access to the network occurred on April 1, 2017. Doctors’ Management Services did not detect the intrusion until December 24, 2018, after ransomware was used to encrypt their files.