Lexology December 4, 2023
Jones Day

The U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) has entered into its first settlement of potential Health Insurance Portability and Accountability Act (“HIPAA”) violations arising out of a ransomware attack, signaling OCR’s continued focus on data security.

On October 31, 2023, the OCR announced a first-of-its-kind ransomware agreement with Doctors’ Management Services (“DMS”), a practice management company acting as a business associate to several covered entities, for alleged violations of HIPAA.

What Happened

In April 2019, OCR opened an investigation on a breach report from DMS stating that approximately 206,695 individuals were affected by a ransomware attack. While the initial unauthorized access to its network occurred on April 1, 2017, DMS did not detect...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, HHS, Provider, Technology
Related Articles:
The Trump picks who want to reform health care
Dr. Oz, RFK Jr. on Medicare, Medicaid: 10 notes
RFK Jr. eyes overhaul of Medicare physician pay: What to know
Reading RFK Jr.’s tea leaves
New HHS leader could overhaul Medicare physician reimbursement: reports

Share This Article