Today, the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Plastic Surgery Associates of South Dakota in Sioux Falls, for several potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, following its investigation into a ransomware attack breach by OCR. Ransomware and hacking are the primary cyber-threats in healthcare. Ransomware is a type of malware (malicious software) designed to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid. There has been a 264% increase in large breaches reported to OCR involving ransomware attacks since 2018. October is Cybersecurity Awareness Month, and OCR has been working with health plans, healthcare clearinghouses, most healthcare providers and their business associates to raise awareness of the types of cyberattacks occurring and how to improve data security.
