Green Ridge Behavioral Health experienced a significant ransomware attack in February 2019, affecting the electronic health records of over 14,000 individuals. Due to the vulnerabilities in their security measures and insufficient system monitoring, the attack resulted in the encryption of vital patient data, causing HIPAA Privacy and Security Rules violations. The OCR's investigation led to a settlement, where the practice must pay $40,000 and adhere to a corrective action plan monitored for three years. The attack disrupted the availability and confidentiality of sensitive health information, hampering both patients' and health providers' ability to make informed decisions.
"id": "the002091724",
"linkid": "theridgebh",
"type": "Ransomware",
"date": "2/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"