HIPAA Blog

[ Wednesday, August 21, 2024 ]

 

Great Write-Up on OCR's 3rd Ransomware Settlement: Theresa Defino of Report on Patient Privacy has an excellent article on the recently announced settlement Heritage Valley Health System entered into with OCR.  Heritage Valley got hit by the NotPetya ransomware attack back in 2017 through no real fault of their own -- they used Dictaphone transcription software as part of iChart, and that was the vector of the attack.  Dictaphone had been acquired by Nuance Communications, which aggressively expanded overseas; the ransomware originated in Ukraine, and entered Heritage Valley's system through a trusted VPN they had with Nuance.  Unfortunately for Heritage Valley, they never signed a new contract with Nuance, so their suit against Nuance was dismissed.  

It's hard to imagine how Heritage Valley could've protected itself and prevented this attack; they had a contract with Dictaphone, but their failure to sign a new agreement with Nuance wasn't the cause of the attack.  Regardless, OCR hit Heritage Valley with the biggest ransomware-related fine yet, almost $1 million.


Jeff [2:59 PM]
