HHS Issues 8th Fine Related to Ransomware: Elgon Information Systems has agreed to an $80,000 settlement with OCR in relation to a ransomware event it suffered in March of 2023. It's the 8th overall ransomware settlement, and the 2nd under OCR's new "risk analysis initiative," which, like the focus on patient access, shows that OCR is selecting specific HIPAA problem areas on which to focus its investigation. While open firewall ports were the specific cause of the incident, that's just the sort of thing a good risk analysis would correct.
Lack of a good risk analysis, along with lack of sufficient policies and procedures, is the most common finding in OCR settlement agreements.
The resolution agreement is here.