Read at Databreaches
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has reached a $4.75 million settlement with Montefiore Medical Center for multiple potential violations of HIPAA's Security Rule. The violations stemmed from data security failures that allowed an employee to steal and sell patients' protected health information. OCR Director Melanie Fontes Rainer emphasized the importance of addressing the risks to patient health information swiftly and diligently. This settlement highlights the need for the health care sector to prioritize cybersecurity and protection of patient records.
"Unfortunately, we are living in a time where cyber-attacks from malicious insiders are not uncommon. Now more than ever, the risks to patient protected health information cannot be overlooked and must be addressed swiftly and diligently," said OCR Director Melanie Fontes Rainer.
This settlement comes as part of HHS's efforts to enhance cybersecurity in the health care sector. In December 2023, HHS released a Department-wide Cybersecurity strategy, and recently issued voluntary performance goals for improving cybersecurity across the health sector. The announcement serves as a reminder that cyber-attacks can affect organizations of all sizes and underscores the need for the health care system to follow laws and regulations to protect patient records.
"Cyber-attacks do not discriminate based on organization size or stature, and it's incumbent that our health care system follow the law to protect patient records."