HHS Settles with Comstar, LLC Over HIPAA Security Violations Following Ransomware Breach Impacting Over 585,000 Individuals
NuLLFiXThe U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), has announced a settlement with Comstar, LLC, a Massachusetts-based billing and collection service provider for non-profit and municipal ambulance services. The settlement addresses potential violations of the HIPAA Security Rule following a ransomware attack that exposed the electronic protected health information (ePHI) of 585,621 individuals. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which outline the obligations of covered entities (such as health plans, healthcare providers, and clearinghouses) and business associates like Comstar to safeguard the privacy and security of protected health information [...]