OCR Faults Business's Data Security Practices After Ransomware Attack
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced its first settlement agreement related to a ransomware attack. But it was not the ransomware that triggered OCR’s enforcement action—it was likely the regulated entity’s failure to detect (and thus report) the breach for nearly two years.
