February 22, 2024
Well, the Office of Civil Rights (OCR) did it again. In the past four months, two ransomware cyber attack cases have been settled, resulting in hefty fines, yikes!
While the first ruling affected a Business Associate with a major fine, this breach impacted a Covered Entity.
In February 2019, Green Ridge Behavioral Health in Maryland filed a breach report that all of their files on patients were encrypted with ransomware, resulting in over 14,000 patients’ data being compromised. That’s a lot of people!
As the name suggests, ransomware is a cybercrime where data is held for ransom. Users are unable to access data/files till the ransom is paid. It is a malicious crime that is extremely prevalent in healthcare, with a 264% increase over the past five years in large breaches reported to the OCR.
In their investigation, the OCR found potential violations of the HIPAA Privacy and Security Rules from before and right up until the breach. In their variety of violations, some other major misses included:
- Not having a Security Risk Analysis in place to assess potential risks and issues regarding securing PHI.
- Inadequate security measures, leaving them wide open for an attack.
- Insufficient monitoring of systems, causing them not to see the attack before it was too late.
As a result, Green Ridge Behavioral Health was fined $40,000 and will now be monitored by the OCR for the next three years. That’s a long time and a lot of money for a practice that could have avoided this situation with the right compliance solution.
That’s where Abyde steps in.
Cyber attacks are unfortunately common in healthcare, accounting for 79% of the large breaches reported to OCR. We’ve now seen a pattern of the OCR ruling on ransomware cases, cracking down on practices and organizations that are not prepared for a cyber attack. The OCR is not messing around, and these fines are a clear example.
Thankfully, with Abyde, we make the journey to compliance simple. The Abyde software resolves many of the reasons why practices and organizations get fined. You can complete our intuitive Security Risk Analysis in minutes, being able to see what your practice needs to do to be compliant in a flash.
Abyde also has engaging training, with interactive activities and videos, all with entertaining themes, to keep the user interested (yes, you read that right).
We also have a portal that allows you to easily manage all of your agreements with Business Associates, digitally signing and storing them in the software. What’s the cherry on top? We will remind you when these agreements are close to expiring, being your compliance crew so you can focus on running your practice.
We have a variety of resources for practices of any size to use, like dynamically generated policies and procedures, allowing you to finally ditch the dusty HIPAA binder, HIPAA logs, our team of friendly compliance experts is always a call (or message!) away, and much more.
Why wait for a compliance disaster? Email us at info@abyde.com and schedule a demo of our revolutionary software here.