Incident Details
The breach involved Doctors' Management Service (DMS) and its failure to detect a ransomware attack for over a year. The U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) found multiple HIPAA violations.
Incident
How Did the Breach Happen?
DMS failed to detect an intrusion into its systems for over a year, allowing ransomware to be deployed and encrypt its files. The attacker gained access through a remote desktop connection.
What Data Has Been Compromised?
Over 200,000 patient records were impacted by the breach.
Why Did the Company's Security Measures Fail?
DMS did not conduct a thorough risk analysis, failed to review system activity regularly, and lacked reasonable security policies and procedures.
What Immediate Impact Did the Breach Have on the Company?
DMS had to pay a $100,000 settlement and implement a three-year corrective action plan to resolve alleged HIPAA violations.
How Could This Have Been Prevented?
- Conduct regular and thorough risk analyses
- Implement procedures to monitor system activity consistently
- Establish and maintain reasonable security policies and procedures
What Have We Learned from This Data Breach?
- The importance of timely intrusion detection
- The necessity of robust security measures and policies
- The significance of proactive cybersecurity practices
Summary of Coverage
The breach at Doctors' Management Service highlights the critical need for effective cybersecurity measures and proactive monitoring to prevent data breaches and comply with HIPAA regulations.