HHS Office for Civil Rights Imposes $240,000 Penalty Against Health Care Provider After Violation of HIPAA Security Rule Results in Ransomware Attack

The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has announced the imposition of a $240,000 civil penalty against Providence Medical Institute in southern California for violating the HIPAA Security Rule. OCR investigated the covered entity after it reported a series of ransomware attacks that compromised the electronic protected health information (ePHI) of 85,000 individuals, including names, addresses, Social Security numbers, health care information, driver’s license numbers, and bank account numbers.

The cybersecurity breach occurred after a staff member clicked on a phishing email. The attacker was then able to gain remote access to the ePHI using administrator credentials.

The covered entity had used an IT company to provide data management services. However, the covered entity failed to have a business associate agreement in place with the IT company for multiple years, which caused access control deficiencies and contributed to the ransomware attacks. It also failed to implement any policies or procedures designed to allow only authorized persons or software programs access to the ePHI. In its investigation, OCR found that the covered entity did not act reasonably to end unauthorized access to its system; simply changing the compromised administrator credential would have prevented repeated attacks.

HBL has experience in all areas of benefits and employment law, offering a comprehensive solution to all your business benefits and H.R./employment needs. We help ensure you are in compliance with the complex requirements of ERISA and the IRS code, as well as those laws that impact you and your employees. Together, we reduce your exposure to potential legal or financial penalties. Learn more by calling 470-571-1007.
