HIPAA Breach Results in $2.3 Million Settlement

Posted by BAS - 08 October, 2020

header-picture

A HIPAA business associate providing IT and health information management to physicians and doctors in Tennessee impermissibly disclosed protected health information of more than 6 million individuals.

In April 2014, the Federal Bureau of Investigation notified CHSPSC LLC that it traced a cyberhacker’s threat to CHSPSC’s IT systems. Hackers used stolen administrative credentials to remotely access systems through VPN. Even after the FBI’s notice, the hackers continued to access information in the CHSPSC system through August 2014. Information relating to 6,121,158 individuals were impacted.

HHS investigated and found systemic noncompliance with the HIPAA Security rule, including failure to conduct a risk analysis, failure to have security procedures and failure to implement access controls.

CHSPSC must pay $2.3 million and implement a corrective action plan.

Topics: MyEnroll360 Security, HR & Benefit Plans, HR & Benefits News, Technology News


Recent Posts

ACA and Documenting Offers of Coverage

read more

Question of the Week - Open Enrollment Requirement

read more

New #StopRansomware Guide: Strengthening Cybersecurity Defense

read more