Maryland Clinic Settles HIPAA Violations After Ransomware Attack
In February 2024, Green Ridge Behavioral Health (GRBH), a small behavioral health clinic in Maryland, reached a settlement with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) following a ransomware attack that compromised the protected health information (PHI) of more than 14,000 patients. The clinic agreed to pay $40,000 and implement a comprehensive corrective action plan, highlighting the importance of robust data security practices in behavioral health care.
Background on the Incident
The ransomware attack, reported by GRBH in February 2019, involved the encryption of its network...
Check Out Our Other Articles
Two Truths and a Wake-Up Call: Medicaid Cuts, Treatment Intensity, and the Future of ABA - Live discussion today at 8 AM Eastern
The Real Impact of Medicaid Cuts on ABA Therapy: What Providers and Families Need to Know
Quality Is a Choice: What Treatment Intensity Says About Who We Are in ABA
3 Things We Thought Would Be Easier!
Celebrating Mothers (and Everyone Else Who Deserves a Break): 50% Off the ABA Business Leaders Platform This Weekend Only!
Experts, X-Rays, and Indiana Drama: Live discussion today at 9:00 AM Eastern
Who Gets to Speak in ABA—and What Does That Say About Us?
Indiana Is Back in the News: What ABA Providers Need to Know About the State’s Latest Push for Cost Controls
How Applied Behavior Analysis Can Improve Healthcare Systems
Dealing with workplace drama!
🧩 Trends, Truths & Turning Points: What’s Shaping Autism and Behavioral Health in 2025
Arkansas Mom Releases Powerful Children’s Book on Autism and Mealtime Struggles
“What are we really doing here?”: The Push to Standardize Quality in Autism Therapy
Behavioral Health Deal Volume Up 53% in Early 2025: What This Means for ABA Practices
The Growing Gap in Autism and IDD Care: Why the Industry Must Scale Ethically and Strategically
Should a BCBA Always Own the Clinic? Maybe Not.
Staff, Tariffs, and RFK Jr.: What ABA Companies Need to Know Right Now - Live today at 8 AM Eastern!
ABA Staff Turnover Is Still Out of Control — Here’s What the Data Says
How the New Tariffs Could Impact ABA Businesses (And What You Can Do About It)
RFK Jr.’s Autism Registry Proposal: Understanding the Implications for ABA Companies
How Margin Keepers Can Help You Master Payroll & Financial Planning
Quality over Quantity- Is more supervision always better?
Denials, Audits & Billing Headaches: ABA News Roundup – April 14, 2025
Nebraska Issues New ABA Medicaid Service Definitions Amid Federal Audit Scrutiny
Concerns Grow Over Insurance Misuse of Medically Unlikely Edits (MUEs) in ABA Therapy Denials
Federal Audit Finds $56 Million in Improper Medicaid Payments for ABA Therapy in Indiana
UnitedHealthcare’s Strategy to Limit ABA Therapy Raises Alarm in the Autism Community
It’s Time to Get Real: ABA Business Owner Burnout
From Policy Shifts to Legal Hits: ABA News Roundup – April 7, 2025 - Live event today at 11AM Eastern!
Texas Recognizes QABA® for Behavior Analyst Licensure
New York’s Proposed Medicaid Cuts Raise Concerns for Autism Services
Massachusetts Expands ABA Therapy Coverage to Children with Down Syndrome
Indiana’s Updated Medicaid Policy for ABA Therapy: What You Need to Know
Expanding to a Clinic? Do this first!
From Big Deals to Big Trouble: ABA Business News - March 31, 2025
The truth behind the client and staff cancellations
Top ABA Headlines
Local Owner Highlight- When to scale your ABA Business
Understanding the journey- Improving caregiver relationships with Melanie Thurston
How Effective Bookkeeping Ensures Payroll Stability and Helps You Retain ABA Staff
The Importance of Bookkeeping Services for ABA Business Owners
Mastering Marketing – Local Outreach Done Right
How to Scale Your ABA Business
You Just Closed Your ABA Company... Now What?
Building the Future of Small ABA Businesses – Join Us in This Mission
Red Flags in ABA Service Providers
Coaching Session- Discussing Onboarding with a New Owner
Would You Rather: Hiring in ABA
Grow your own BCBAs vs. hiring- What you need to know
Aligning Leadership with Values: Behavioral Intelligence in ABA with Dr. Paul Gavoni
ABA Accreditation: Compliance or Commitment to Quality?
AI meets clinical decision making- Using AI to improve patient outcomes- with Amanda Ralston
Comprehensive Updates to ABA Practice Handbooks: Enhanced Policies, Compliance, and ACQ Standards Integration
Leadership in ABA: Building Values, Managing Relationships, and Driving Progress with Martin Myers
Leadership, transparency, and collaboration in ABA organizations, with Jennifer Heidt
Building Better Care; Public Policy and Staff Empowerment
Free RBT Training for Your ABA Team This Holiday Season!
Innovating ABA Practice with AI Solutions
How can we help? Using ACT with Meg Solomon.
Building Resilience in ABA Practices: Lessons in Staffing, Billing, and Growth
Flash Sale: 6 Months Free Access to Our ABA Business Leaders Training Platform for 25 Companies!
I Hate My Job: Exploring Real Solutions
I Hate My Job: Reaction to Posts
I Hate My Job: Real Stories of Ethical Dilemmas in ABA
Introducing the New ABA Business Leaders Training Platform
I Hate My Job: Voicing the Frustrations of ABA Professionals
Introducing Our New Self-Paced Courses: Revenue Cycle Management & Effective Hiring with Indeed
CPABA Conference: A Path Forward for the Field - Get a 10% Discount!
Empower & Thrive: Registration Extended Until October 7 - 50% off!
Exciting New Coaching Opportunity for 3 Pie Squared ABA Business Leaders!
Free Download! Discover Essential Tax Compliance Tips with MarginKeepers
Why Stephen is Excited About the CPABA Conference 2024 - Discount just for you! -
3 Pie Squared Partners with Happy Medium RBT to Offer a Revolutionary 40-Hour RBT Training
Maximizing Recruitment with Indeed: How to Find the Right Candidates Without Breaking the Bank
Empathetic Leadership in ABA: Supporting Our Techs
Five Weeks of Wisdom: Bite-Sized Insights from 3 Pie Squared
Introducing the ABA Business Leaders Training Platform
Free Download! Boost Your Established ABA Practice with MarginKeepers' Essential Accounting Tips
Inside the World of ABA Audits and Legal Guidance with Kim Mack Rosenberg, Esq.
Ethical Practices for ABA Testimonials and Reviews with Dr. Jon Bailey
Navigating Growth and Challenges in ABA Business with Alecia Barrett
For a limited time, buy any of our handbooks and get our Business Leaders Membership for 75% off!
Collaboration in ABA: Strengthening Connections Among ABA Business Owners
"I Hate My Job" Series Kickoff: Discussing Burnout and Unethical Practices in the ABA Field
Top Five Essentials for Your Company Policies
Discount Ends Tomorrow – Last Chance to Get 20% Off Our Comprehensive ABA Billing Training Series!
Mastering Digital Marketing for ABA Practices with Reece from Reputation Elevation
Navigating ABA Business Growth: Consultation with Alecia Barrett
Unlock Your Billing Potential: Our New ABA Billing Course and Free ABA Billing Tips!
Navigating Company Policies: A Blueprint for ABA Practices
Free Chart of Accounts: Optimize Your Bookkeeping with MarginKeepers
Safeguarding Integrity: Proactive Strategies to Mitigate Billing Fraud in ABA Therapy
Steering Clear of Fraud: Mastering Insurance Billing in ABA Practice
From Overwhelm to Strategy: The Journey of an ABA Business Leader
Beyond the Startup: Common Mistakes by Seasoned ABA Business Owners
Essential Elements of an Employee Handbook for ABA Practices
Don’t Do That!: Avoiding Common Missteps in Your ABA Practice
Pre-Hire Power: The Critical Importance of an Employee Handbook for ABA Practices
Integrating Art into ABA Therapy: A Conversation with Natasha Bouchillon
Why a Client Handbook is Crucial Before Starting ABA Services
🥧 Grab a Slice of Success: Pi Day Flash Sale! 🎉
Why Should I Get a Client Handbook Before I Start Seeing Clients?
Financial Insights for ABA Practices: Free Chart of Accounts from MarginKeepers!
Navigating Authentic Copywriting in ABA Services: Insights and Innovations
Big Changes to the Podcast!
Get Free Expert Consulting for Your ABA Business on Our Podcast – Apply Now!
Navigating the Credentialing Conundrum: Insights from ABA Leaders
Navigating ADA Compliance: Essential Insights for ABA Business Owners
Nurturing Success: The Interplay Between Company and Team Dynamics
🌟 Dive Into the World of Sleep with Dr. Emily Ice: A Podcast Episode Not to Miss 🌜
A little late but our update is here!
Maximizing Your ABA Practice’s Potential: The Power of Bookkeeping with MarginKeepers
33% Off ABA Business Leaders for the Next 25 People!
Client Hours Discussion with April, Mallory Stinger, and Jennifer Helton
Improving Quality Through Accreditation: A Discussion with Erick Dubuque, Director of ACQ
Optimize Your ABA Practice with the Case Load Utilization Tool - 50% until Friday!
Black Friday Special - Rate Negotiations 2.0 - Elevating Your Practice with Provider Rate Resources
Navigating Medical Necessity with Dan and Mike from ABA on Tap
Upcoming Podcast with Erick Dubuque, Director of ACQ & Exciting News on How We Can Help Companies Navigate This New Standard! 🌟🎙️
Partnering with MarginKeepers, Co.: A Game Changer for Your ABA Practice
Celebrate Canadian Thanksgiving with a Bang: 50% Off ABA Business Leaders Membership and Earn 33.5 CEUs!
Empowering Change: Insights from New BCBA Business Owners
Founding a Nonprofit Practice with Susan Habchy
ABA Business Amazon List
De-Stress & Avoid ABA Burnout with a Relaxing Post-Work Routine
Three Common Struggles of a New ABA Practice
Benefits of Outsourcing with 3 Pie Squared
Why 3 Pie Squared
The Essential List for a Successful Business
2019 Satisfaction Survey results
The Cost of RBT Turnover
What You Need to Know About HIPAA
Podcast with Dr. Becca Tagg
Run Your Therapy Business Like a Well-Oiled Machine!
How to Grow Your Practice
servers and electronic health records. This breach halted operations and exposed sensitive patient data, drawing the attention of federal regulators.
Although GRBH was a relatively small provider, the OCR found that it had failed to meet several core HIPAA compliance requirements. The case reinforces that no healthcare provider is too small to face the consequences of a security breach.
Findings from the Investigation
The OCR identified multiple HIPAA violations during its investigation, including:
- Failure to conduct a risk analysis: GRBH did not adequately assess vulnerabilities to electronic PHI.
- Inadequate risk management: The clinic lacked sufficient safeguards to reduce risks to patient data.
- Insufficient monitoring: GRBH did not have a system in place to routinely review access logs or track security events.
Terms of the Settlement
To resolve the alleged violations, GRBH agreed to a $40,000 payment and a three-year corrective action plan. The plan includes:
- Conducting a thorough and updated risk assessment
- Implementing a risk management strategy to address identified issues
- Updating HIPAA policies and procedures
- Providing workforce training on HIPAA compliance
- Reviewing third-party business associate agreements
- Reporting internal non-compliance to OCR
Why This Matters for ABA Providers
This case serves as a cautionary tale for all healthcare providers, including those in the Applied Behavior Analysis (ABA) field. Behavioral health clinics often handle highly sensitive patient data and are increasingly targeted by cybercriminals. The GRBH case shows that failing to proactively secure data and comply with HIPAA can result in both financial penalties and reputational damage.
ABA providers should take the following steps:
- Conduct regular, documented risk assessments
- Ensure staff are trained on HIPAA compliance and cybersecurity best practices
- Implement and monitor robust data protection measures
- Maintain active review systems for all information systems and access logs
Even small practices must take HIPAA compliance seriously. As this case shows, federal regulators expect all providers—regardless of size—to safeguard patient information with diligence and integrity.
