HIPAA Blog

[ Sunday, September 27, 2020 ]

 

Premera, the biggest insurer in Alaska and Hawaii, suffered a phishing attack that managed to install advanced persistent threat malware, resulting in the breach of PHI of over 10 million people, including Social Security numbers, bank account numbers, and health information. Being a victim isn't a HIPAA problem, unless you become a victim by your own fault. Here, Premera had not conducted an enterprise-wide risk analysis, and had no risk management plan. Those are the facts that account for the size of the fine, not the fact that hackers got in (although, if they had a risk analysis and risk management plan, they might've limited the damage from the hack, or even prevented it).


Jeff [11:17 AM]
