Green Ridge Behavioral Health experienced a significant ransomware attack in February 2019 that affected the electronic health records of over 14,000 individuals. Because of vulnerabilities in its security measures and insufficient system monitoring, the attack encrypted vital patient data, resulting in violations of the HIPAA Privacy and Security Rules. The OCR's investigation led to a settlement under which the practice must pay $40,000 and adhere to a corrective action plan monitored for three years. The attack disrupted the availability and confidentiality of sensitive health information, hampering both patients' and health providers' ability to make informed decisions.
TPRM report: https://scoringcyber.rankiteo.com/company/theridgebh
"id": "the002091724",
"linkid": "theridgebh",
"type": "Ransomware",
"date": "2/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '14,000 individuals',
'industry': 'Healthcare',
'name': 'Green Ridge Behavioral Health',
'type': 'Healthcare Provider'}],
'data_breach': {'data_encryption': 'Yes',
'number_of_records_exposed': '14,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Electronic health records'},
'date_detected': 'February 2019',
'description': 'Green Ridge Behavioral Health experienced a significant '
'ransomware attack in February 2019, affecting the electronic '
'health records of over 14,000 individuals. Due to the '
'vulnerabilities in their security measures and insufficient '
'system monitoring, the attack resulted in the encryption of '
'vital patient data, causing HIPAA Privacy and Security Rules '
"violations. The OCR's investigation led to a settlement, "
'where the practice must pay $40,000 and adhere to a '
'corrective action plan monitored for three years. The attack '
'disrupted the availability and confidentiality of sensitive '
"health information, hampering both patients' and health "
"providers' ability to make informed decisions.",
'impact': {'data_compromised': 'Electronic health records of over 14,000 '
'individuals',
'financial_loss': '$40,000',
'legal_liabilities': 'HIPAA Privacy and Security Rules violations',
'operational_impact': 'Disruption in the availability and '
'confidentiality of sensitive health '
'information',
'systems_affected': 'Electronic health records system'},
'initial_access_broker': {'high_value_targets': 'Electronic health records'},
'investigation_status': 'Settlement and corrective action plan',
'post_incident_analysis': {'corrective_actions': 'Corrective action plan '
'monitored for three years',
'root_causes': 'Vulnerabilities in security '
'measures and insufficient system '
'monitoring'},
'ransomware': {'data_encryption': 'Yes'},
'regulatory_compliance': {'fines_imposed': '$40,000',
'legal_actions': 'Corrective action plan monitored '
'for three years',
'regulations_violated': 'HIPAA Privacy and Security '
'Rules'},
'response': {'remediation_measures': 'Corrective action plan monitored for '
'three years'},
'title': 'Ransomware Attack on Green Ridge Behavioral Health',
'type': 'Ransomware Attack'}