Recent ransomware settlement:
OK, I've sort of fallen down on the job here keeping the HIPAABlog updated, but I'm going to try to dump a bunch of items that I've been stacking up. So here goes.
In September, OCR settled with Cascade Eye and Skin Centers (WA) over HIPAA failures that led to a ransomware event exposing 291,000 PHI-containing files (it is unclear how many individuals were affected). OCR cited 2 specific failures on Cascade's part: failure to conduct a proper risk analysis, and failure to have procedures in place to monitor system activity. Risk analysis is the linchpin of HIPAA security -- if you haven't done it, you don't even know if your security is good. And monitoring the activity on your information systems can give you an early warning that something is amiss.
The settlement agreement is here.