The breach exposed the information of more than 585 thousand people, violating HIPAA.
Department of Health and Human Services’ Office for Civil Rights (OCR) has reached a settlement with Comstar, LLC, following a ransomware breach that affected over 585,000 individuals. OCR’s investigation revealed that the Massachusetts-based company, which handles billing and collection services for emergency ambulance providers, violated a HIPAA Security Rule requiring a proper risk analysis to identify potential vulnerabilities in its systems.
The breach, which occurred in March 2022 but was not discovered until a week later, involved the unauthorized access and encryption of electronic protected health information (ePHI), including medical and medication records. Comstar, which worked with more than 70 covered healthcare entities, has agreed to a $75,000 settlement and a two-year corrective action plan under federal oversight.
“Assessing the potential risks and vulnerabilities to electronic protected health information is effective cybersecurity, and a HIPAA Security Rule requirement,” said Acting OCR Director Anthony Archeval.
As the Lord Leads, Pray with Us…
- For Acting Director Archeval to be led by the Lord as he oversees the HHS Office of Civil Rights.
- For wisdom for Secretary Robert F. Kennedy, Jr. as he heads the Department of Health and Human Services.
Sources: Department of Health and Human Services
RECENT PRAYER UPDATES
