HHS has reached its second-ever ransomware settlement, concluding an investigation into Gaithersburg, Md.-based Green Ridge Behavioral Health.
According to a Feb. 21 news release from HHS, Green Ridge filed a breach report in 2019 stating its network server was encrypted with ransomware, leading to the encryption of the electronic health records of all patients.
The investigation found potential violations of HIPAA privacy and security rules leading up to the breach, according to HHS.
As part of the settlement, Green Ridge Behavioral Health will pay $40,000 and implement a corrective action plan, including conducting a comprehensive analysis of potential security risks and a risk management plan.
In the past five years, there has been a 264% increase in healthcare data breaches involving ransomware reported to HHS, the agency said in its release.
HHS reached a settlement with Doctors' Management Services, a Massachusetts medical management company, in November.