settlement
HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000: $500,000
Resolution Oct 2024
Penalty
$500,000
Action type
Settlement
Entity profile
—
Case number
—
What went wrong
HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000
Timeline
- ResolutionOct 2024
- Incident and investigation milestones are not consistently published by OCR in machine-readable form.
Key takeaways for your organization
- Align policies, procedures, and evidence with the specific CFR provisions cited in OCR resolutions affecting your entity type.
- Run tabletop exercises for breach response, OCR inquiry handling, and privilege-preserving communications with counsel.
- Revisit business associate inventory and downstream vendor security assurances after major enforcement themes in your sector.
Related actions
HHS Office for Civil Rights Settles Phishing Attack Breach with Health Care Network for $600,000
ID
$600,000
Allergy Practice pays $125,000 to settle doctor's disclosure of patient information to a reporter
—
$125,000
Judge rules in favor of OCR and requires a Texas cancer center to pay $4.3 million in penalties for HIPAA violations
—
$4,300,000
Source
U.S. Department of Health and Human Services release
Source: U.S. Department of Health and Human Services, Office for Civil Rights. medcomply.ai aggregates public materials for educational use, not legal advice.