A mental health services agency in Alaska was assessed a $150,000 fine from the Department of Health and Human Services. HHS found that the group did not properly safeguard electronic patient information.
The five location organization did not patch its systems and ran outdated, unsupported software. This led to a data breach impacting more than 2,700 individuals. The organization had written HIPAA security principals but the policies were not followed.
HHS said that updating software and implementing patches is common sense and necessary for identifying and addressing basic risks.