HHS Reaches Its First HIPAA Settlement Agreement Involving a Ransomware Attack | Practical Law
The Department of Health and Human Services (HHS) has announced a settlement of potential Privacy and Security Rule violations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The settlement involved a Massachusetts-based medical management company (and HIPAA business associate (BA)). The BA must pay $100,000 to HHS and comply with a three-year corrective action plan.