HIPAA Blog

[ Thursday, September 24, 2020 ]


I should've noted this Monday when I found out, but news came out this week of a big fine for a HIPAA breach. Athens Orthopedic first heard from a journalist at www.databreaches.net (that journalist would be my friend, the inestimable Dissent Doe, also known as @PogoWasRight on Twitter) that a notorious hacker group, which goes by the handle TheDarkOverlord or TDO, had access to their patient records and was pulling out data and selling it. TDO promptly followed up with a ransomware demand.

So why the big fine? Athens Orthopedic had not done a risk analysis and had no HIPAA policies and procedures in place. Would a risk analysis and cybersecurity plan have kept TDO out? We'll never know for sure, but it might have, and that's enough.

How's your cybersecurity? Go grab a copy of your last risk analysis. Is it over a year old? Might want to consider an update. What do you mean you can't find it? You're sure you did one but just can't locate it? That won't fly with OCR. Got an extra million bucks for a fine?


Jeff [8:23 AM]
