Have You Done Your Risk Assessment, Doc?

By D. Kellus Pruitt DDS

“Lack of Risk Assessment Key in UWM $750K HIPAA Settlement,” by Elizabeth Snell, December 15, 2015

http://healthitsecurity.com/news/lack-of-risk-assessment-key-in-uwm-750k-hipaa-settlement

“The University of Washington Medicine (UWM) recently agreed to a $750,000 fine as part of a HIPAA settlement, which was the result of a 2013 incident. UWM filed a breach report to OCR November 27, 2013, where an email containing malicious malware reportedly compromised 90,000 individuals’ ePHI.”

Perhaps it would be wise to list ransomware in the risk assessment, along with how one intends to mitigate the loss… such as paying the ransom (one or more times). Any better ideas?

The fines for not having prepared a risk assessment will always be more expensive than quietly surrendering to extortion. That is how extortion works. Unlike HHS, successful parasites don’t kill their hosts.