OCR Continues to Focus on its Risk Analysis Initiative and Ransomware Attacks

5/1/2025
The Department of Health & Human Services, Office for Civil Rights (OCR) recently announced the settlement of its 11th ransomware enforcement action and its 7th enforcement action under the Risk Analysis Initiative. At the core of the OCR’s findings in this settlement and others like it is that the affected covered entities or their business associates did not conduct a thorough risk analysis, periodically and in a timely manner, to determine the potential risks and vulnerabilities to the confidentiality, integrity, and availability of each organization’s electronic protected health information; did not develop and implement a risk management plan to address and mitigate the risks and vulnerabilities identified in the risk analysis; did not develop a written process to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports; and did not have in place other required security protections. We anticipate that further settlements will result from the OCR’s Risk Analysis Initiative and its investigations of ransomware attacks.
Click Here to read the entire May 2025 Healthcare Law Update now!
If you need assistance with your HIPAA compliance program, an OCR investigation, or a data breach incident, please contact:
Lani M. Dornfeld, CHPC | 973.403.3136 | ldornfeld@bracheichler.com