Fourth OCR Ransomware Settlement: $250,000
10/31/2024
The Department of Health and Human Services Office for Civil Rights (OCR) has announced a settlement with a privately-owned health care provider offering ophthalmology, dermatology and cosmetic services, relating to a ransomware attack on the provider. This marks only the fourth OCR settlement relating to ransomware, despite that the OCR advises that “the agency sees 264% increase in large ransomware breaches since 2018.”
“Cybercriminals continue to target the heath care sector with ransomware attacks. Health care entities that do not thoroughly assess the risks to electronic protected health information and regularly review the activity within their electronic health record system leave themselves vulnerable to attack, and expose their patients to unnecessary risks of harm,” said OCR Director Melanie Fontes Rainer. “Ensuring the confidentiality of electronic protected health information is critical to protect health information privacy and integral to our national security in the health care sector. OCR urges all health care entities to take the essential precautions and stay vigilant to safeguard their systems from cyberattacks.”