Green Ridge Behavioral Health LLC

Green Ridge Behavioral Health faced a ransomware attack compromising the protected health information of over 14,000 individuals. The OCR's investigation found potential HIPAA violations including insufficient risk analysis, lack of necessary security measures, and inadequate system monitoring. This resulted in an encryption of patient electronic health records and company files, disrupting the healthcare provider's operations. To resolve the issues, they agreed to a $40,000 settlement and a corrective action plan overseen by the OCR for three years.

Source: https://www.hcinnovationgroup.com/cybersecurity/data-breaches/news/53097514/ocr-settles-second-investigation-related-to-ransomware

"id": "gre451070624",
"linkid": "green-ridge-behavioral-health-llc",
"type": "Ransomware",
"date": "2/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"