HHS announces first ransomware settlement

Doctors’ Management Services will pay $100,000 and adhere to a penalty action plan due to HIPAA breach rules violation and its failure to identify system vulnerabilities before a ransomware attack in 2017 that affected the private health information of 206,695 people. The HHS Office for Civil Rights considers ransomware and hacking as major cyber threats in healthcare. The scale of attacks has been escalating, with breaches reported to the OCR having risen by 239% in the past four years.