Green Ridge Behavioral Health suffered a ransomware attack that compromised the protected health information of over 14,000 individuals. The OCR's investigation found potential HIPAA violations, including insufficient risk analysis, lack of necessary security measures, and inadequate system monitoring. The result was the encryption of patient electronic health records and company files, which disrupted the healthcare provider's operations. To resolve the issues, Green Ridge agreed to a $40,000 settlement and a corrective action plan overseen by the OCR for three years.
TPRM report: https://scoringcyber.rankiteo.com/company/green-ridge-behavioral-health-llc
"id": "gre451070624",
"linkid": "green-ridge-behavioral-health-llc",
"type": "Ransomware",
"date": "2/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '14,000',
                        'industry': 'Healthcare',
                        'name': 'Green Ridge Behavioral Health',
                        'type': 'Healthcare Provider'}],
 'data_breach': {'data_encryption': 'Yes',
                 'file_types_exposed': 'Electronic Health Records, Company '
                                       'Files',
                 'number_of_records_exposed': '14,000',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Protected Health Information'},
 'description': 'Green Ridge Behavioral Health faced a ransomware attack '
                'compromising the protected health information of over 14,000 '
                "individuals. The OCR's investigation found potential HIPAA "
                'violations including insufficient risk analysis, lack of '
                'necessary security measures, and inadequate system '
                'monitoring. This resulted in an encryption of patient '
                'electronic health records and company files, disrupting the '
                "healthcare provider's operations. To resolve the issues, they "
                'agreed to a $40,000 settlement and a corrective action plan '
                'overseen by the OCR for three years.',
 'impact': {'data_compromised': 'Protected Health Information',
            'downtime': 'Disruption of operations',
            'financial_loss': '$40,000',
            'legal_liabilities': 'HIPAA violations',
            'operational_impact': 'Disruption of operations',
            'systems_affected': 'Electronic Health Records, Company Files'},
 'motivation': 'Financial',
 'ransomware': {'data_encryption': 'Yes'},
 'regulatory_compliance': {'fines_imposed': '$40,000',
                           'regulations_violated': 'HIPAA'},
 'title': 'Ransomware Attack on Green Ridge Behavioral Health',
 'type': 'Ransomware'}