Skip to content

Data Breach: Health Provider to Pay AGs $5 Million -USA

Data Breach: Health Provider to Pay AGs $5 Million

Jurisdiction(s): United States – Alaska,Arkansas,Florida,Illinois,Indiana,Iowa,Kentucky,Louisiana,Massachusetts,Michigan,Mississippi,Missouri,Nebraska,Nevada,New Jersey,North Carolina,Ohio,Oregon,Pennsylvania,Rhode Island,South Carolina,Tennessee,Texas,Utah,Vermont,Washington State,West Virginia
Authority  StarStarStarStarStar
RiskGuidance  StarStarStar
ControlGuidance  StarStarStar
Industry:  Healthcare  |  BusinessActivity:  Understanding Enforcement Actions, Security – Technical Safeguards, Vendor Management, Breach Response

Compromise of the company’s administrative credentials resulted in exfiltration of 6.1 million individuals PHI over 237 HIPAA covered entities; a comprehensive information security program must be implemented and maintained that includes awareness and privacy training for all personnel that can access PHI, policies and procedures for use and audits of business associates, and written incident response plans.