A Cautionary Tale: Mass Eye and Ear Hit with $1.5 Million Dollar Penalty

By Jeffrey Jones News & Announcements September 19, 2012

September 19, 2012

Well, It looks like the HIPAA Enforcement Boys and Girls are getting serious. Mass Eye and Ear and Harvard Medical School were hit with a $1.5 Million Dollar Fine all stemming from the loss of one unencrypted laptop. The laptop was stolen or lost by a physician.

The problem, according to reports is that after they reported the loss of information, the HHS OCR came in and found them non-compliant in six areas and of not complying to the HIPAA Security Rule.

(In my humble opinion about 80 Percent of Hospitals are run this way.)

Along with the fine they will need to spend money addressing all the issues and have an Independent Monitor submit semi-annual reports to HHS.

So every time I speak to a Health Care CIO who says they are planning to do a Risk Analysis and Policy Review, but are just to busy virtualizing the Server Infrastructure.

I say Beware!

Link to HHS Press Release

http://www.hhs.gov/news/press/2012pres/09/20120917a.html

exploitation

Jeffrey Jones / About Author

Jeff Jones is a Cyber Security Architect and Ethical Hacker for Topgallant Partners. He has been in Data Communications for over 35 years. He responsible for all day-to-day operations, technical consulting, and security design for Topgallant.

His expertise is in Security Program Design, Security Risk Analysis and Assessment and Cyber Security Testing to include Penetration Testing, Vulnerability Testing, Social Engineering, Phishing, Wi-Fi Exploitations, Password Cracking, Man-in-the Middle Attacks and Web Application Hacking.

He has a M.A. in Computer Resources Management from Webster University and a B.A. in Journalism from Purdue University. He is also a terrible golfer.