HIPAA Security Rule, Cyber Attacks, OCR

The Health Record - Healthcare Law Insights, V 2, Issue 4, April 2025

Spilman Thomas & Battle, PLLC on 4/8/2025

Welcome to our fourth issue of 2025 of The Health Record -- our healthcare law insights e-newsletter. In this edition, we look at prior authorization transparency and physician decision-making; the impact of Medicaid cuts...more

Season of Enforcement: OCR Announces Its Sixth Enforcement Action of 2025

McCarter & English, LLP on 1/22/2025

With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more

OCR Says HIPAA Audits Will Resume: OIG Makes Recommendations for Enhancement

Foley & Lardner LLP on 12/10/2024

Recognizing the increasing number of successful cyberattacks targeting health care organizations and their valuable patient data, the Office of the Inspector General (OIG) is calling for enhancements to the HIPAA audit...more

It’s Officially Enforcement Season: OCR Announces First Penalty Under New Risk Analysis Initiative

BakerHostetler on 11/19/2024

On October 31, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) embraced the end of Spooky Season by announcing two more ransomware-related enforcement actions. ...more

Seven Years After Worldwide NotPetya Attacks, OCR Singles Out PA System, Collects Nearly $1M

Health Care Compliance Association (HCCA) on 8/21/2024

Unleashed on June 27, 2017, NotPetya caused an estimated $10 billion in damages globally, among the costliest ransomware attacks in history. In 2018, the Trump administration—in tandem with the British government—blamed...more

Providers Face HIPAA Compliance Questions After Change Healthcare Cyberattack

ArentFox Schiff on 6/19/2024

Who will notify the potentially millions of individuals whose information might have been jeopardized by the massive cyberattack on Change Healthcare? Since the affiliate of UnitedHealth Group (UHG) first reported the...more

HHS Office for Civil Rights Reaches Second Health Care Ransomware Settlement

Skadden, Arps, Slate, Meagher & Flom LLP on 4/4/2024

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced its second settlement in four months growing out of a ransomware attack on a health care business. Maryland-based Green Ridge...more

HHS Issue Six Figure Penalty for Ransomware Attack

Bricker Graydon LLP on 1/5/2024

Late last year, the Department of Health and Human Services (HHS) issued its first HIPAA settlement agreement involving a ransomware attack. In the press release announcing the settlement, HHS stated that they began...more

Facing Escalating Attacks, AHA Presses OCR to Expedite Security Practices Rule

Health Care Compliance Association (HCCA) on 12/10/2021

Report on Patient Privacy 21, no. 12 (December, 2021) - Amid the letters of congratulations to new HHS Office for Civil Rights (OCR) Director Lisa Pino is a plea from the American Hospital Association (AHA): “victims” of...more

OCR Updates Ransomware Guidance

King & Spalding on 6/15/2021

On June 9, 2021, OCR distributed an update to those on its Privacy List sharing links to alerts and resources for addressing the growing number and size of ransomware incidents. One such resource included a White House memo...more

HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 Million Individuals

Foley Hoag LLP - Security, Privacy and the... on 9/28/2020

With apologies to John Donne, ask not for whom the bells tolls, HIPAA business associates, it tolls for thee! While it has been the law for some time that business associates could be held directly liable for breaches,...more

HIPAA Security Rule › Cyber Attacks › Office of Civil Rights

"My best business intelligence, in one easy email…"