“Briefings on HIPAA: Cybersecurity in Healthcare,” HCPro

Woods Rogers Vandeventer Black

Principal Liz Heddleston was recently interviewed by HCPro for a story published on April 8, 2024, discussing the rising threat of ransomware attacks to healthcare providers. The story highlights lessons learned from a ransomware attack on a Maryland-based behavioral health practice that exposed the data of more than 14,000 patients, resulting in a recent monetary settlement between the practice and the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). The incident – and the settlement that followed – serves as a reminder for healthcare providers about the importance of maintaining HIPAA compliance and strong cybersecurity measures.

Liz answered several questions about ransomware breaches, including:

  • How can healthcare organizations prepare for the increasing threat of ransomware?
  • What role does employee training play in preventing cybersecurity breaches, and what are the best practices for implementing this training?
  • How should healthcare organizations approach third-party vendor management to ensure HIPAA compliance and minimize breach risks?
  • What immediate actions should be taken to mitigate damage immediately following a breach?
  • After an incident, how can an organization effectively incorporate “lessons learned” into the security management process?

Liz told the publication, “Ransomware attacks can lead to legal risks and reputational harm and can be costly to contain and remediate. A good cyber insurance policy is paramount for protecting your organization against these risks. Ransomware attacks impacting PHI need to be reported to HHS-OCR and may trigger an investigation by federal regulators. These investigations can be very detailed and can get into the weeds of what measures you did (and did not) have in place before the breach. Failure to comply with HIPAA can lead to the imposition of corrective action and even fines and penalties in severe cases. Even though the healthcare organization was the victim of a criminal ransomware activity, it doesn’t let you off the hook in terms of HIPAA compliance.”

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Woods Rogers Vandeventer Black | Attorney Advertising
