The United States Department of Health and Human Services has handed down a hefty fine to the Pennsylvania-based Heritage Valley Health System over violations of the Health Insurance Portability and Accountability Act (HIPAA).

The fine follows an investigation into a ransomware attack on the healthcare provider in 2017.

The Department of Health and Human Services found that the Heritage Valley Health System failed to conduct a proper risk analysis of the data it was holding and how it was stored, and did not have a proper contingency plan in place in case of such an attack. Nor did the organisation have properly implemented user access policies in place.

