Lexology December 4, 2023
Jones Day

The U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) has entered into its first settlement of potential Health Insurance Portability and Accountability Act (“HIPAA”) violations arising out of a ransomware attack, signaling OCR’s continued focus on data security.

On October 31, 2023, the OCR announced a first-of-its-kind ransomware agreement with Doctors’ Management Services (“DMS”), a practice management company acting as a business associate to several covered entities, for alleged violations of HIPAA.

What Happened

In April 2019, OCR opened an investigation on a breach report from DMS stating that approximately 206,695 individuals were affected by a ransomware attack. While the initial unauthorized access to its network occurred on April 1, 2017, DMS did not detect...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, HHS, Provider, Technology
Related Articles:
Federal Agencies Issue FAQs, Again Extending Enforcement Relief for Surprise Billing QPA Calculations
Health Policy Under The Trump Administration: The First 50 Days
Uncertainly Looms Amid Federal Healthcare Oversight Upheaval
Opinion: STAT+: How will the Center for Biologics Evaluation and Research change under RFK Jr.?
VA And CDC Will Terminate Thousands Of Health Workers. Here Are The Unintended Consequences

Share This Article