[ Monday, December 08, 2014 ]
$150,000 fine for Alaska Mental Health Agency's Failure to Protect ePHI: Malware on the computer system compromised data of 2,743 patients, but the bigger issue is the failure of the organization to keep its information systems up to date. The malware apparently took advantage of security issues in the software for which patches had been issued, but the agency didn't keep track of patch management. Basically, it's proof that adopting decent policies isn't nearly enough if you don't regularly make sure you've got reasonable risks covered. The bulletin also pushes the HIT Security Rule Risk Assessment Tool: hint, hint, if you haven't reviewed this and compared your current security to what's in here, you're likely gonna get fined if there's a breach.
Jeff [7:28 PM]