A settlement with Manasa Health Centre has been announced by the US Department of Health and Human Services (HHS).
The agreement resolves a complaint OCR received in April 2020 stating that Manasa Health Centre had improperly released a patient's protected health information when it responded to the patient's unfavourable online review.
Potential HIPAA Privacy Rule (Privacy Rule) violations include improper disclosures of patient-protected health information in response to unfavourable online evaluations, according to an OCR investigation.
and failing to follow rules and regulations pertaining to protected health information. Manasa Health Centre agreed to implement a remedial action plan and paid OCR $30,000 in exchange for resolving these possible violations.
TPRM report: https://scoringcyber.rankiteo.com/company/us-department-of-health-and-human-services
"id": "usd142925623",
"linkid": "us-department-of-health-and-human-services",
"type": "Data Leak",
"date": "06/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'name': 'Manasa Health Centre',
'type': 'Healthcare Provider'}],
'attack_vector': 'Improper Disclosure',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Protected Health Information'},
'date_detected': '2020-04-01',
'description': "Manasa Health Centre improperly released a patient's "
'protected health information in response to an unfavourable '
'online review, leading to a settlement with the US Department '
'of Health and Human Services.',
'impact': {'data_compromised': 'Protected Health Information',
'financial_loss': ['Fines: $30,000'],
'legal_liabilities': ['HIPAA Privacy Rule Violations']},
'post_incident_analysis': {'corrective_actions': ['Implemented a remedial '
'action plan'],
'root_causes': ['Improper disclosure of protected '
'health information']},
'references': [{'source': 'US Department of Health and Human Services'}],
'regulatory_compliance': {'fines_imposed': ['$30,000'],
'regulations_violated': ['HIPAA Privacy Rule']},
'response': {'remediation_measures': ['Implemented a remedial action plan']},
'title': 'Manasa Health Centre Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Human Error'}