November 7, 2024

Healthcare practices got a scare on Halloween, when the HHS Office for Civil Rights (OCR) announced more than half a million dollars in fines against two medical providers that had not taken the required precautions against ransomware. The two organizations are Plastic Surgery Associates of South Dakota in Sioux Falls (PSASD), a multi-location practice, and the Bryan County Ambulance Authority (BCAA), an Oklahoma emergency medical services provider. PSASD was fined $500,000 and BCAA $90,000. These penalties are only a glimpse of where healthcare enforcement is heading: reported ransomware breaches have increased 264% since 2018.

What Happened?

Both providers suffered major ransomware attacks. At PSASD, a breach discovered in July 2017 infected nine workstations and two servers and put the data of more than ten thousand patients at risk. The attackers got in by trial and error, that is, a brute-force attack, and the data could not be restored. OCR's investigation found significant gaps in the practice's compliance program: no Security Risk Analysis, inadequate policies and procedures for handling data and reporting breaches, and insufficient workforce training. Alongside the $500,000 penalty, PSASD must submit to two years of monitoring by OCR.

BCAA's ransomware attack began in November 2021 but was not reported until May of the following year. Under the HIPAA Breach Notification Rule, the reporting deadline depends on how many individuals are affected, not on how severe the incident looks: a breach affecting 500 or more individuals is a large breach and must be reported to OCR without unreasonable delay and no later than 60 days after discovery. This one affected more than 14,000 patients, yet roughly six months passed before it was reported. The investigation found the same kinds of gaps: no Security Risk Analysis, inadequate policies, no risk management plan, and other missing safeguards. BCAA's $90,000 fine also comes with a Corrective Action Plan.
Protecting Your Practice from Ransomware

Ransomware attacks will keep hitting the healthcare system. Complete immunity is impossible, but there is a lot you can do to protect your practice. Start with the Security Risk Analysis that both of these practices lacked, put the right technical safeguards in place, such as firewalls, antivirus software, and tested offline backups (PSASD never got its data back), and make sure a qualified IT team maintains them. Beyond that, you can streamline your HIPAA compliance with software that identifies the compliance needs unique to your practice and, if an attack does happen, guides you through an effective response. To learn more about these solutions, meet with a compliance expert today.
New Jersey Doctor Fined $30k for Breaching HIPAA in Responses to Negative Google Reviews
June 5, 2023

The U.S. Department of Health and Human Services (HHS) opened an investigation into Manasa Health Center LLC's (Manasa) compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and notified the practice on November 18, 2020. Manasa is a psychiatric practice in Kendall Park, New Jersey, and as a covered entity under HIPAA it is required to comply with these rules. The investigation identified conduct, referred to in the agreement as "Covered Conduct," that included the impermissible disclosure of four patients' protected health information (PHI) in responses to negative Google reviews. Manasa was also found to have failed to implement policies and procedures regarding PHI that meet the requirements of the Privacy and Breach Notification Rules.

Manasa agreed to pay HHS a resolution amount of $30,000 on the effective date of the agreement, following written instructions from HHS. It also committed to a Corrective Action Plan (CAP) that serves as a roadmap for bringing its practices into compliance. The CAP requires Manasa to implement compliance policies and procedures, train its workforce, issue breach notifications, and submit reports to HHS.

Abyde's HIPAA Compliance Software Solution helps healthcare providers assess risks, implement the necessary policies and procedures, and receive ongoing support to stay compliant with HIPAA. If you have staff with a bad case of keyboard-itis, make sure they are trained on what NOT to type on the internet: even confirming that a reviewer is a patient discloses PHI, let alone describing their care. With Abyde, healthcare providers can be confident they are meeting the requirements of the Privacy, Security, and Breach Notification Rules, and avoid the consequences of non-compliance, such as costly settlements like the one Manasa Health Center experienced.