Athens Orthopedic Pays OCR $1.5M Over Systemic HIPAA Noncompliance
The Office for Civil Rights reached a settlement with the Athens Orthopedic Clinic for $1.5 million over a 2016 data breach caused by the notorious hacking group known as “thedarkoverlord” (TDO). The OCR audit into the security incident revealed systemic noncompliance with the HIPAA rule.
Before the recent rise in double extortion attempts led by ransomware hacking groups like Maze and NetWalker, TDO wreaked havoc on the healthcare sector in 2016. Primarily targeting healthcare, TDO would hack into victims' networks and then either sell access on the dark web or extort the provider for a financial payout.
TDO stole the data of more than 655,000 patients, including...