Green Ridge Behavioral Health LLC

In February 2019, Green Ridge Behavioral Health reported a ransomware attack which encrypted their network server, affecting the electronic health records of over 14,000 individuals. The incident led to an OCR investigation that revealed potential HIPAA Privacy and Security Rules violations. The company failed to adequately analyze risks, implement security measures, and monitor system activity to prevent such cyber-attacks. The settlement includes a $40,000 payment and a three-year corrective action plan to enhance HIPAA compliance and protect patient information.

Source: https://www.hcinnovationgroup.com/cybersecurity/data-breaches/news/53097514/ocr-settles-second-investigation-related-to-ransomware

"id": "pla002091224",
"linkid": "planet-hipaa-llc",
"type": "Ransomware",
"date": "2/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"