Last month, more than seven years after it first issued guidance on ransomware and the implication of such attacks under HIPAA, the Office for Civil Rights announced its first settlement involving a ransomware attack.

Doctors’ Management Services, a business associate, will pay OCR $100,000 to resolve a breach stemming from a 2018 ransomware attack that impacted 206,695 individuals.

The settlement serves as a reminder to covered entities and business associates to stay diligent of ransomware attack risks and monitor their vulnerabilities. Notably, OCR’s press release announcing the settlement included a link to a video from the agency explaining how compliance with the HIPAA security rule can help prevent ransomware attacks.

“Our settlement highlights how ransomware attacks are increasingly common and targeting the health care system.”

www.hhs.gov/...