Second OCR Ransomware Incident Settlement Announced: OCR has entered into a settlement agreement relating to a ransomware incident, this time a fine of $40,000 for Green Ridge Behavioral Health.
Lack of a Risk Analysis, lack of sufficient security measures, and a failure to monitor system activity were cited as reasons for the fine, which is a pretty common theme for OCR fines.
OCR's press release on the matter included specific actions it expects HIPAA covered entities to take to prevent incidents (and avoid fines if they do happen). These align with the recommended security practices that Section 405(d) of the Cybersecurity Act considers "mitigating factors" when regulatory action is taken:
"OCR recommends health care providers, health plans, clearinghouses, and business associates that are covered by HIPAA take the following best practices to mitigate or prevent cyber-threats:
- Reviewing all vendor and contractor relationships to ensure business associate agreements are in place as appropriate and address breach/security incident obligations.
- Integrating risk analysis and risk management into business processes; and ensuring that they are conducted regularly, especially when new technologies and business operations are planned.
- Ensuring audit controls are in place to record and examine information system activity.
- Implementing regular review of information system activity.
- Utilizing multi-factor authentication to ensure only authorized users are accessing protected health information.
- Encrypting protected health information to guard against unauthorized access.
- Incorporating lessons learned from previous incidents into the overall security management process.
- Providing training specific to organization and job responsibilities and on regular basis; and reinforcing workforce members’ critical role in protecting privacy and security."