HIPAA Security Rule, Electronic Protected Health Information (ePHI), Ransomware

Season of Enforcement: OCR Announces Its Sixth Enforcement Action of 2025

McCarter & English, LLP on 1/22/2025

With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more

HHS Proposes Changes to Strengthen HIPAA Security Rule

Foley & Lardner LLP on 1/7/2025

Material updates to the HIPAA Security Rule could be on the way — affecting all HIPAA-regulated entities — for the first time in two decades. The Department of Health and Human Services (HHS) issued a Notice of Proposed...more

OCR Proposes Sweeping HIPAA Security Rule Amendments

Mintz - Health Care Viewpoints on 12/31/2024

Last fall at the Safeguarding Health Information: Building Assurance Through HIPAA Security 2024 conference, U.S. Department of Health & Human Services Office for Civil Rights (OCR) promised that before year’s end, it would...more

Congress Considers New Cybersecurity Legislation Adjunct to HIPAA

Goodwin on 12/17/2024

In the wake of Change Healthcare’s February 2024 ransomware attack, which affected the protected health information (PHI) of at least 100 million individuals — the largest breach of PHI in history — the federal government’s...more

Emergency Medical Service Provider Agrees to Pay a $90,000 HIPAA Settlement Following Ransomware Attack

Saul Ewing LLP on 11/21/2024

On November 1, 2024, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a $90,000 settlement with Bryan County Ambulance Authority (“BCAA”), a provider of emergency medical...more

It’s Officially Enforcement Season: OCR Announces First Penalty Under New Risk Analysis Initiative

BakerHostetler on 11/19/2024

On October 31, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) embraced the end of Spooky Season by announcing two more ransomware-related enforcement actions. ...more

Ransomware Hat Trick: OCR Scores Three Major Enforcement Actions in 2024

Williams Mullen on 10/30/2024

Ransomware attacks are a growing threat in the health care sector due to the value of personal health information (PHI). In addition to being expensive, these attacks can cripple health care operations, delay patient care,...more

HHS Issue Six Figure Penalty for Ransomware Attack

Bricker Graydon LLP on 1/5/2024

Late last year, the Department of Health and Human Services (HHS) issued its first HIPAA settlement agreement involving a ransomware attack. In the press release announcing the settlement, HHS stated that they began...more

Cybersecurity and HIPAA: Government Issues New Warning and Guidance in Wake of Increased Threats

Holland & Hart LLP on 6/15/2021

The U.S. Department of Health and Human Service’s Office for Civil Rights in Action (OCR) issued a warning that cybercriminals are attempting to exploit a critical vulnerability in VMware software. This alert originates from...more

OCR Updates Ransomware Guidance

King & Spalding on 6/15/2021

On June 9, 2021, OCR distributed an update to those on its Privacy List sharing links to alerts and resources for addressing the growing number and size of ransomware incidents. One such resource included a White House memo...more

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on 8/14/2020

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

HIPAA Security Rule › Electronic Protected Health Information (ePHI) › Ransomware

"My best business intelligence, in one easy email…"