Lexology February 20, 2024
McGuireWoods LLP

On Feb. 6, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a $4.75 million settlement with New York nonprofit health system Montefiore Medical Center over alleged malicious insider conduct that caused potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This settlement follows two other recent investigations that led to OCR’s first-ever settlements stemming from ransomware and phishing attacks.

Covered entities and business associates subject to the HIPAA Security Rule should be aware that OCR may hold them accountable for breaches not only from outside the walls of the organization, but also from within.

The Reported Conduct and Settlement

Montefiore reported in 2015 that two years prior, a Montefiore...

Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, HIPAA, Provider, Technology