Fifth Ransomware is a CMP !
The Office of Civil Rights (OCR) announced this week a $240,000 civil monetary penalty (CMP) against Providence Medical Institute (Providence) of California, following a self-reported 2018 ransomware attack against Providence's electronic protected health information that affected 85,000 patients. OCR "...OCR found two potential violations of the HIPAA Security Rule, including failure to have a business associate agreement in place and failure to implement policies and procedures to allow only authorized persons or software programs access to ePHI..."
OCR reports that Providence waived its right to a hearing and did not contest OCR's findings. As such, a CMP was imposed. You can read OCR's Notice of Final Determination by clicking the graphic below.
Stay (HIPAA) safe, Alan -
Comments