[ Tuesday, January 02, 2018 ]


21st Century Oncology: An oncology practice with offices in 17 states and 7 Latin American countries has paid $2.3 million for HIPAA violations.  The FBI found their patient files on the dark web; apparently someone was able to access their SQL database remotely and extracted data on 2,213,597 patients, including social security numbers.  Not sure if the breach was the cause, but 21st Century Oncology filed for bankruptcy back in May.

What's the actual HIPAA breach?  Lack of a good risk assessment, failure to implement proper safeguards, no regular review of audit logs, and failure to have appropriate BAAs.  The first and last are by far the most common causes of HIPAA breaches, and the 2nd and 3rd could have been prevented if the first had been done reasonably well.

When was your last serious risk assessment? 

Jeff [10:57 AM]
