US Office for Civil Rights Settles Ransomware Cyber Attack Investigation

Today the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Doctors’ Management Services (DMS), a Massachusetts medical management company that provides a variety of services, including medical billing and payor credentialing. The settlement of US$ 100,000 was reached with DMS for allegedly failing to prevent a ransomware attack that affected the electronic protected health information of 206,695 people. Ransomware is a type of malware (malicious software) designed to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid.

For more information, see the HHS press release.