Price of Stolen USB Drive? Just $2.2 Million

A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life Insurance Company of Puerto Rico (“MAPFRE”) after an unencrypted USB data storage device containing records of approximately 2,200 individuals was stolen from MAPFRE’s IT Department after being left unsecured overnight.  OCR also alleged that MAPFRE did not follow through on representations to OCR regarding its risk analysis and other compliance efforts.

An OCR investigation revealed alleged noncompliance with various HIPAA provisions, including failure to conduct …Read More

Do You Know Who Your Employees Are?

Insider threat is becoming one of the largest threats to organizations and some cyberattacks may be insider-driven.  Although all insider threats are not malicious or intentional, the effect of these threats can be damaging to a Covered Entity and Business Associate and have a negative impact on the confidentiality, integrity, and availability of its ePHI.  According to a survey recently conducted by Accenture and HfS Research, 69% of organization representatives surveyed had experienced an insider attempt or success at data theft or corruption.  Further, it was reported by a Covered Entity that one of their employees had unauthorized access to …Read More

12 healthcare ransomware attacks of 2016

Ransomware isn’t a new phenomenon, but its growth throughout 2016 has made its prevalence known throughout the healthcare industry.

In fact, a July 2016 report showed the healthcare industry is hit significantly harder by ransomware than any other sector — approximately 88 percent of attacks hit hospitals.

Here are 12 healthcare-related ransomware attacks reported by Becker’s Hospital Review this year, beginning with the earliest.

1. In January, Mount Pleasant, Texas-based Titus Regional Medical Center was hit with a ransomware attack that prevented the hospital’s access to computer files.

2. In February, hackers shut down the IT systems of Hollywood (Calif.) Presbyterian Medical Center and demanded …Read More