HIPAA Breach Results in $2.3 Million Settlement

Posted by BAS - 08 October, 2020

header-picture

A HIPAA business associate providing IT and health information management to physicians and doctors in Tennessee impermissibly disclosed protected health information of more than 6 million individuals.

In April 2014, the Federal Bureau of Investigation notified CHSPSC LLC that it traced a cyberhacker’s threat to CHSPSC’s IT systems. Hackers used stolen administrative credentials to remotely access systems through VPN. Even after the FBI’s notice, the hackers continued to access information in the CHSPSC system through August 2014. Information relating to 6,121,158 individuals were impacted.

HHS investigated and found systemic noncompliance with the HIPAA Security rule, including failure to conduct a risk analysis, failure to have security procedures and failure to implement access controls.

CHSPSC must pay $2.3 million and implement a corrective action plan.

Topics: MyEnroll360 Security, HR & Benefit Plans, HR & Benefits News, Technology News


Recent Posts

Question of the Week - Mid-Year Election Change

read more

HR Departments As Prime Targets for Social Engineering

read more

Requesting COBRA Coupons

read more