HHS OCR Settles HIPAA Ransomware Security Rule Investigation with BST & Co. CPAs, LLP - DataBreaches.Net
Briefly

HHS OCR settled with BST & Co. CPAs over a HIPAA Security Rule violation stemming from a ransomware attack that compromised patient health information. BST discovered the breach, reported to affect 170,000 patients, in December 2019. The investigation found that BST lacked a thorough risk analysis of vulnerabilities concerning electronic protected health information (ePHI). Under the settlement, BST will implement a corrective action plan monitored by OCR for two years and pay a penalty of $175,000, while taking steps to ensure compliance with HIPAA regulations.
BST & Co. CPAs faced charges for a potential violation of the HIPAA Security Rule due to a ransomware attack that exposed the protected health information of 170,000 patients.
The breach investigation revealed that BST failed to conduct an accurate risk analysis to identify vulnerabilities regarding the ePHI it managed.
As part of the settlement, BST agreed to a two-year monitored corrective action plan alongside a payment of $175,000 to the HHS Office for Civil Rights.
The resolution agreement requires BST to take specific steps to ensure compliance with the HIPAA Security Rule and protect the confidentiality of electronic protected health information.