Call Us Today! 877-659-2467 contactus@arismedicalsolutions.com
Aris Home
Contact Us
Learn More

Tag: ransomware

Green Ridge Behavioral Health is Second Ransomware Settlement

Posted bySuze Shaffer

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Green Ridge Behavioral Health, LLC, a Maryland psychiatric practice. The case involved a ransomware attack that compromised the protected health information of more than 14,000 patients.

Ransomware locks users out of their data until a hacker receives payment. OCR enforces HIPAA’s Privacy, Security, and Breach Notification Rules to protect patient information. This marks OCR’s second ransomware-related settlement.

OCR Director Melanie Fontes Rainer said:
“Ransomware is now one of the most common cyber-attacks. Patients suffer when they cannot access their medical records. Providers must take steps to prevent these attacks and protect patient data.”

The Breach

In February 2019, Green Ridge reported to OCR that ransomware encrypted its servers, company files, and all patient electronic health records. OCR’s investigation found multiple HIPAA Security Rule failures, including:

  • No complete risk analysis of electronic PHI.
  • No effective security measures to reduce risks.
  • No sufficient monitoring of system activity.

Settlement Terms

Green Ridge agreed to pay $40,000 and implement a Corrective Action Plan (CAP) monitored by OCR for three years. The CAP requires Green Ridge to:

  • Conduct a full risk analysis.
  • Create a risk management plan.
  • Update policies and procedures.
  • Train its workforce on HIPAA.
  • Audit third-party vendors and ensure business associate agreements.
  • Report workforce HIPAA violations to OCR.

Recommendations

Ransomware and hacking are now the top cyber threats in healthcare. Large breaches have increased 256% in the last five years. Ransomware rose 264% during the same period. In 2023, hacking caused 79% of large breaches, affecting over 134 million people—a 141% increase from 2022.

OCR recommends providers and business associates:

  • Regularly perform risk analysis and risk management.
  • Monitor and audit system activity.
  • Use multi-factor authentication and encryption.
  • Ensure strong vendor agreements.
  • Provide frequent, role-specific workforce training.
  • Apply lessons from past incidents.

©2025 Aris Medical Solutions – HIPAA Keeper | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC