Skip to main content
Skip to navigation

Regulatory Enforcement

Medical management company to pay $100K in landmark HHS ransomware case

By Kyle Brasseur2023-11-01T22:10:00

A Massachusetts-based medical management company agreed to pay $100,000 in settling the first ransomware agreement under the Health Insurance Portability and Accountability Act (HIPAA) reached by the Department of Health and Human Services’ Office for Civil Rights (HHS OCR).

Doctors’ Management Service filed a breach report with the HHS in April 2019 regarding a ransomware attack that impacted more than 200,000 individuals, the agency said in a press release Tuesday. The company first detected the breach in December 2018, though it determined the initial access dated back to April 2017.

The HIPAA privacy, security, and breach notification rules set requirements regulated entities must follow to protect the privacy and security of health information.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

News Brief
Lafourche Medical Group to pay $480K in landmark HHS phishing action

2023-12-08T16:48:00Z By Kyle Brasseur

Louisiana-based Lafourche Medical Group agreed to pay $480,000 as part of the first phishing attack-related settlement the Department of Health and Human Services’ Office for Civil Rights has reached under the Health Insurance Portability and Accountability Act.
News Brief
Medical center to pay $80K for Covid-19 patient info shared with media

2023-11-21T17:43:00Z By Kyle Brasseur

Saint Joseph’s Medical Center agreed to pay $80,000 as part of a settlement with the Department of Health and Human Services’ Office for Civil Rights for potential violations of the Health Insurance Portability and Accountability Act.
News Brief
HHS orders L.A. Care to pay $1.3M over apparent HIPAA violations

2023-09-13T19:57:00Z By Jeff Dale

L.A. Care Health Plan agreed to pay $1.3 million to settle allegations by the U.S. Department of Health and Human Services it potentially violated the Health Information Portability and Accountability Act.

More from Regulatory Enforcement

News Brief
SEC’s Uyeda: ‘Enforcement is the wrong way’ to handle off-channel communications

2026-03-19T21:08:00Z By Aaron Nicodemus

The U.S. Securities and Exchange Commission’s Mark Uyeda told an audience of investment advisers that the SEC will no longer prioritize stand-alone enforcement actions for violations of the SEC’s rules on off-channel communications.
News Brief
Adobe agrees to $150M settlement over alleged cancellation fee violations

2026-03-17T21:22:00Z By Oscar Gonzalez

Adobe agreed to a $150 million settlement with the U.S. Department of Justice over accusations that it concealed software termination fees and made it difficult for customers to cancel.
Article
U.K. competition regulator ‘very likely’ to use new enforcement powers despite government’s pro-growth agenda

2026-03-13T21:06:00Z By Neil Hodge

New powers granted to the U.K.’s main competition watchdog will result in greater scrutiny, tougher enforcement, and a stark warning for companies to review their sales and marketing promotions—especially since some practices have been pushed firmly into the spotlight thanks to legislation that came into effect last year.