Athens Orthopedic Clinic pays $1.5 million to HHS’ Office for Civil Rights for potential Health Insurance Portability and Accountability Act violations, the agency said Monday.
According to HHS, patient records for more than 200,000 people may have been posted for sale online in June after a hacker used a vendor’s credentials to access the Athens Orthopedic electronic health record system. The hacker told Athens Orthopedic it would exchange a complete copy of the stolen database for a ransom payment.
“OCR’s investigation found longstanding, systemic noncompliance with the HIPAA privacy and security rules by Athens Orthopedic including failures to conduct a risk analysis, implement risk management and audit controls, maintain HIPAA policies and procedures, secure business associate agreements with a number of business associates and provide HIPAA privacy rule training to workforce members,” the agency said in a statement.
The Georgia-based provider agreed to adopt a corrective action plan to address the issues that led to the security breach, including two years of monitoring.
“Hacking is the primary source of large healthcare data breaches. Healthcare providers that fail to follow the HIPAA security rule make their patients’ health data a tempting target for hackers,” OCR Director Roger Severino said in a statement.