HHS’ Office for Civil Rights Settles Ransomware Investigation with Spencer Gifts Health Plan for $450k, Corrective Action Plan
ID: 6a2a5f76-78dc-5ac6-aec5-00a37a06319d
STIX ID: report--6a2a5f76-78dc-5ac6-aec5-00a37a06319d
Feed Name: DataBreaches.Net
HHS OCR announced a $450,000 settlement and a two-year corrective action plan with Spencer Gifts Flexible Benefits and Welfare Benefit Plans after a November 2021 ransomware incident—claimed by Conti—encrypted systems storing ePHI and potentially exposed PHI for 10,023 individuals (including names, contact details, and Social Security numbers). OCR identified failures in conducting an accurate risk analysis and in implementing HIPAA Privacy and Security policies; the Plan must perform a thorough risk analysis, update policies, and provide workforce training.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
