The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued a “Dear Colleague” letter about the Change Healthcare cyberattack. OCR also opened an official investigation. The attack affects Change Healthcare, a unit of UnitedHealthcare Group (UHG),...

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Green Ridge Behavioral Health, LLC, a Maryland psychiatric practice. The case involved a ransomware attack that compromised the protected health information of...

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $4.75 million settlement with Montefiore Medical Center, a New York City hospital system. The settlement resolves multiple potential HIPAA Security Rule violations. OCR enforces...

On December 15, 2023 the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a $160,000 settlement with Optum Medical Care of New Jersey (formerly Riverside Medical Group). OCR received six complaints in 2021 that...