[ Monday, December 08, 2014 ]


$150,000 fine for Alaska Mental Health Agency's Failure to Protect ePHI: Malware on the computer system compromised data of 2,743 patients, but the bigger issue is the failure of the organization to keep its information systems up to date.  The malware apparently took advantage of security issues in the software for which patches had been issued, but the agency didn't keep track of patch management.  Basically, it's proof that adopting decent policies isn't nearly enough if you don't regularly make sure you've got reasonable risks covered.  The bulletin also pushes the HIT Security Rule Risk Assessment Tool: hint, hint, if you haven't reviewed this and compared your current security to what's in here, you're likely gonna get fined if there's a breach. 

Jeff [7:28 PM]
