What You Need to Know About HIPAA Violations and Cyber Attacks

February 6, 2024

A recently settled case by the U.S. Department of Health and Human Services is being called a “landmark ruling” because it is the first to address HIPAA violations stemming from ransomware attacks. A Massachusetts medical management company was found liable for the breach of the electronic protected health information (ePHI) of more than 206,000 individuals as a result of the cyber-attack. The company provides services, including payer credentialing and medical billing, to HIPAA-covered entities.

In addition to a hefty fine of $100,000, the company will also have to comply with a three-year corrective action plan that includes updating its policies for training its employees and developing risk management strategies to safeguard against future HIPAA violations of ePHI records.

This case presents the opportunity for a refresher on the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the rules that protect the privacy and security of patients’ health information.

ISMIE provides information on what you need to know about HIPAA, which can assist you with assessing your risks and reporting a breach of protected health information. ISMIE also outlines the cybersecurity risks and threats to consider when safeguarding sensitive health information.

Our friends from the Illinois State Medical Society offer a medical legal guideline on Individual and Third-Party Access to Medical Records.

If you have questions, please contact the Risk Management Division by email.