<- Back to Insights
July 8, 2024
US healthcare organisation fined nearly US$1M over 2017 ransomware incident
Cyber Daily
|
Contributed by: Drex DeFord
Summary
The United States Department of Health and Human Services fined Pennsylvania-based Heritage Valley Health System US$950,000 for HIPAA violations following a 2017 ransomware attack. The investigation revealed that the health system failed to conduct adequate risk analysis, lacked a contingency plan, and did not have proper user access policies. Alongside the fine, Heritage Valley is mandated to develop comprehensive security policies, implement a risk management plan, and undergo continuous monitoring by the Department of Health and Human Services' Office for Civil Rights for three years. This case highlights increasing ransomware threats in healthcare, stressing the need for robust data protection measures.

Explore Related Topics