chevron-down Created with Sketch Beta.
March 01, 2024

HHS’ OCR Finalizes Second-Ever Ransomware Cyber-Attack Settlement

On February 21, 2024, HHS announced its second-ever ransomware cyber-attack settlement with Green Ridge Behavioral Health, LLC. The settlement is a result of an investigation following a ransomware attack that impacted the protected health information of over 14,000 individuals. In 2019, Green Ridge Behavioral Health filed a breach report with OCR. OCR’s investigation found evidence of potential violations of the HIPAA Privacy and Security Rules leading up to and at the time of the breach. Under the terms of the settlement, Green Ridge Behavioral Health agreed to pay $40,000 and implement a corrective action plan that will be monitored by OCR for three years. 

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.