Tuesday, July 08, 2025

Deer Oaks HIPAA Fine

Deer Oaks, a HIPAA-covered healthcare provider that provides behavioral health services primarily to residents in nursing homes and other facilities, misconfigured its IT systems in a way that left the discharge summaries of 35 patients accessible online. A few months later, Deer Oaks suffered a ransomware attack that affected the PHI of 171,871 patients. The hacker demanded a ransom payment, but it's not clear whether Deer Oaks paid. Deer Oaks did report the incidents to OCR, and as part of its investigation, OCR determined that Deer Oaks didn't do an effective risk assessment (shocking, no?).

Ultimately, OCR fined Deer Oaks $225,000 and implemented a 2-year monitored corrective action plan.
