In May 2022, Comstar LLC, an ambulance billing service, disclosed a ransomware-related data breach affecting approximately 585,621 individuals. Comstar reported only 68,957 affected individuals to HHS, which raised questions, and an investigation by the Office for Civil Rights (OCR) revealed significant lapses, including a failure to conduct a thorough risk analysis. Comstar subsequently agreed to a settlement involving a corrective action plan and a $75,000 fine, intended to improve its data security practices and ensure compliance with HIPAA regulations.
Comstar's failure to conduct an accurate and thorough risk analysis exposed vulnerabilities that compromised the electronic protected health information (ePHI) of 585,621 individuals, highlighting critical security lapses.
The significant discrepancy between the 68,957 affected individuals reported to HHS and the 585,621 noted in OCR's investigation raises questions about transparency and accountability among covered entities.