HIPAA Breach Results in $2.3 Million Settlement

Posted by BAS - 08 October, 2020


A HIPAA business associate providing IT and health information management to physicians and doctors in Tennessee impermissibly disclosed protected health information of more than 6 million individuals.

In April 2014, the Federal Bureau of Investigation notified CHSPSC LLC that it had traced a cyberhacker’s threat to CHSPSC’s IT systems. Hackers used stolen administrative credentials to remotely access systems through a VPN. Even after the FBI’s notice, the hackers continued to access information in the CHSPSC system through August 2014. Information relating to 6,121,158 individuals was impacted.

HHS investigated and found systemic noncompliance with the HIPAA Security Rule, including failure to conduct a risk analysis, failure to have security procedures, and failure to implement access controls.

CHSPSC must pay $2.3 million and implement a corrective action plan.

Topics: MyEnroll360 Security, HR & Benefit Plans, HR & Benefits News, Technology News
