US healthcare organization has to pay almost a billion dollars in fines for ransomware incident in 2017

Heritage Valley Health System has been fined $950,000 for HIPAA violations related to a ransomware attack.

The U.S. Department of Health and Human Services has imposed a large fine on Pennsylvania-based Heritage Valley Health System for violations of the Health Insurance Portability and Accountability Act.

The fine followed an investigation into a ransomware attack on the healthcare provider in 2017.

The Department of Health found that Heritage Valley Health System had not conducted an adequate risk analysis of the data it held and stored, did not have an adequate contingency plan in place for such an attack, and had not properly implemented user access policies.

In addition to the fine, Heritage Valley will be required to develop appropriate security policies consistent with HIPAA rules, implement a risk management plan, and conduct a “thorough risk analysis” program.

The organization’s progress will also be monitored for three years by the Office for Civil Rights in the Department of Health and Human Services.

“Hacking and ransomware are the most common types of cyberattacks in the healthcare sector. Failure to comply with HIPAA security regulations leaves healthcare organizations vulnerable and attractive targets for cybercriminals,” said Melanie Fontes Rainer, director of the Office for Civil Rights, in a statement.

“Protecting patient-protected health information protects privacy and ensures continuity of care, which is our top priority. We remind and urge healthcare organizations to protect their data systems and patients from cyberattacks.”

According to the Department of Health and Human Services, the number of ransomware reports filed with the Office for Civil Rights has increased by 264 percent since 2018.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years and has worked for a variety of print and online titles throughout his career. He enjoys covering cybersecurity, especially when he can talk about Lego.