EMC Insurance

welcome Are you a new user? REGISTER HERE username password Keep me signed in RETRIEVE PASSWORD	Create A Cyber Risk Management Plan Before There Is A Breach October 17, 2024 Green Ridge Behavioral Health, LLC (Green Ridge) in Maryland recently agreed to settle a lawsuit brought against it by the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In February 2021, Green Ridge filed a breach report with OCR stating that its network server had been infected with ransomware and that company files and patient electronic health records were encrypted. The ransomware attack allegedly compromised the protected health information of more than 14,000 patients. An OCR investigation "found evidence of potential violations of the HIPAA Privacy and Security Rules leading up to and at the time of the breach." Investigators also determined that Green Ridge failed to analyze the "potential risks and vulnerabilities to electronic protected health information"; implement security measures to reduce them; and sufficiently monitor system activity to protect against a cyberattack. Green Ridge agreed to pay $40,000 and implement a corrective action plan that includes conducting a comprehensive and thorough analysis of these potential risks and vulnerabilities; creating a Risk Management Plan to address and mitigate them; revising its policies and procedures to comply with HIPAA, as necessary; training staff on HIPAA policies and procedures; auditing third-party arrangements; and reporting HIPAA violations to OCR. OCR will monitor implementation of the plan for three years. This is the second settlement reached between OCR and "a HIPAA regulated entity for potential violations identified during an investigation following a ransomware attack." "HHS' Office for Civil Rights Settles Second Ever Ransomware Cyber-Attack" www.hhs.gov (Feb. 21, 2024). Commentary In the source material, one of the many settlement provisions was Green Ridge creating a "Risk Management Plan" to address data risks. Organizations of all types can benefit from implementing a cyber risk management plan before there is a breach. This would involve conducting a risk assessment; implementing risk mitigation strategies; and continually monitoring the security of the information system. A risk assessment may include threat modeling and analyzing vulnerabilities through static code analysis and network, host, and database scanning. Continuously evaluate the effectiveness of security control measures. "CMS Cyber Risk Management Plan (CRMP)" security.cms.gov (Mar. 27, 2023). Work with your IT team or a skilled third party to conduct a risk assessment and create a cyber risk management plan to help protect your organization from a ransomware attack. Finally, your opinion is important to us. Please complete the opinion survey: I found this article very helpful. I found this article helpful. I did not find this article helpful.	Create A Cyber Risk Management Plan Before There Is A Breach Failing to assess and address cyber risks and vulnerabilities leaves your organization vulnerable to a ransomware attack. We examine. read more Bad Actors Use Phishing Because It Still Works An FBI report shows a record number of complaints received, and phishing tops the 2023 list. Learn about the importance of training. read more Failure To Timely Report Data Breaches Leads To Loss And Blunts Mitigation Efforts SEC rules require prompt reporting of data breaches. Learn about a $10 million fine, and why timely notification is important. read more Medusa Ransomware Is Turning Unpatched Systems To Stone Cybercriminals can exploit a single unpatched device to infect the entire organization with Medusa ransomware. We examine. read more
	©2008-2024 The McCalmon Group, Inc. The McCalmon Group's User Agreement and Privacy Policy.