Today, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a settlement with Heritage Valley Health System , which provides care in Pennsylvania, Ohio and West Virginia, concerning potential violations of the Health Insurance Portability and Accountability Act Security Rule, following a ransomware attack. Ransomware and hacking are the primary cyber-threats in health care.
Under the terms of the resolution agreement, Heritage Valley agreed to pay $950,000 and implement a corrective action plan that will be monitored by OCR for three years. Under the plan Heritage Valley will take a number of steps to resolve potential violations of the HIPAA Security Rule and protect the security of electronic protected health information, including:
Review and develop, maintain, and revise, as necessary its written policies and procedures to comply with the HIPAA Rules; andOCR recommends health care providers, health plans, clearinghouses, and business associates that are covered by HIPAA take the following steps to mitigate or prevent cyber-threats:
Utilize multi-factor authentication to ensure only authorized users are accessing electronic protected health information .Incorporate lessons learned from incidents into the overall security management process.
Law Law Latest News, Law Law Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: HHSGov - 🏆 147. / 63 Read more »
Source: HHSGov - 🏆 147. / 63 Read more »
Source: HHSGov - 🏆 147. / 63 Read more »
Source: commondreams - 🏆 530. / 51 Read more »
Source: ABC - 🏆 471. / 51 Read more »