Fourth OCR Ransomware Settlement

Alan Davis

We anticipate that headlines like this will become more frequent as criminal-activity cases are processed through the Office of Civil Rights (OCR).


Last month OCR announced a $250K, two-year corrective action plan (CAP) with Cascade Eye and Skin Centers, P.C. (Cascade) of Washington State. Criminals compromised electronic protected health information (ePHI) affecting approximately 291,000 patients in a ransomware attack. In its media release, OCR determined that Cascade had failed to "...conduct a compliant risk analysis to determine the potential risks and vulnerabilities to ePHI in its systems, and to have sufficient monitoring of its health information systems’ activity to protect against a cyber-attack..."


The actions Cascade agreed to in the CAP include:

  • conducting an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to the confidentiality, integrity, and availability of its ePHI;

  • implementing a risk management plan to address and mitigate security risks and vulnerabilities identified in its risk analysis;

  • developing a written process to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports;

  • developing policies and procedures for responding to an emergency or other occurrence that damages systems that contain ePHI;

  • developing written procedures to assign a unique name and/or number for identifying and tracking user identity in its systems that contain ePHI; and

  • reviewing and revising, if necessary, written policies and procedures to comply with the HIPAA Privacy and Security Rules.


All of these actions should be part of a basic HIPAA Security program, and we'll show you how to create policies and procedures to help protect your organization against additional OCR CAP requirements. Click the link below to read OCR's announcement.


Stay (HIPAA) safe,

Alan -



Proteus Consulting, LLC

Hayden, ID, 83835

(208) 215.5607

Copyright © 2013 - 2024 Proteus Consulting, LLC