HHS OCR Settles HIPAA Security Rule Investigation with Top of the World Ranch Treatment Center for $103,000
2026-03-02

On February 19, 2026, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced a $103,000 settlement with Top of the World Ranch Treatment Center (“TWRTC”), an Illinois substance use disorder treatment provider, to resolve alleged noncompliance with the HIPAA Security Rule’s risk analysis requirement.

According to OCR’s announcement, the investigation stemmed from a March 2023 breach report filed by TWRTC following a phishing attack. An unauthorized third party accessed electronic protected health information (“ePHI”) through a workforce member’s email account, compromising the ePHI of 1,980 patients.

OCR concluded that TWRTC failed to conduct an accurate and thorough risk analysis to assess potential risks and vulnerabilities to the confidentiality, integrity, and availability of its ePHI, as required by the HIPAA Security Rule.

In announcing the settlement, OCR Director Paula M. Stannard emphasized the importance of compliance with the Risk Analysis provision, particularly as regulated entities face increasing cybersecurity threats.

Settlement Terms and Corrective Action Plan

Under the resolution agreement, TWRTC agreed to:

  • conduct and complete an accurate and thorough risk analysis;
  • develop and implement a risk management plan to address identified risks and vulnerabilities;
  • develop, maintain and revise written policies and procedures to comply with the HIPAA Privacy, Security and Breach Notification Rules; and
  • provide annual HIPAA training to workforce members with access to ePHI.

OCR’s Risk Analysis Initiative

OCR identified this matter as its 11th enforcement action under its Risk Analysis Initiative, which focuses on compliance with the Security Rule’s requirement that covered entities and business associates conduct an accurate and thorough assessment of risks and vulnerabilities to ePHI.

OCR also reiterated practical steps regulated entities should take to mitigate cyber threats, including:

  • identifying where ePHI resides and how it flows through systems;
  • periodically conducting and updating risk analyses;
  • implementing audit controls and regularly reviewing system activity;
  • authenticating users seeking access to ePHI;
  • encrypting ePHI in transit and at rest, where appropriate;
  • incorporating lessons learned from incidents into security management processes; and
  • providing role-based HIPAA training.

The investigation and settlement demonstrate OCR’s commitment to enforcing HIPAA requirements, particularly under the Security Rule.