HIPAA Journal Cost of a Breach
Highlights From The HIPAA Journal
From the July 27th Newsletter
The HHS has imposed a $1,040,000 HIPAA penalty on Lifespan ACE
- In 2017, the parent company of Lifespan ACE had a breach report created following the theft of an unencrypted laptop. The laptop, which contained PHI, was left in a car in a parking lot, and the car was broken into.
- Over 20,400 patients were affected by this attack.
- Due to compliance failures associated with the lack of business associate agreements between its parent company and healthcare provider affiliates, Lifespan ACE was fully responsible for the PHI being stolen.
- Lifespan ACE agreed to settle the case and pay the financial penalty.
2020 Cost of Data Breach Report from IBM Security
- Healthcare breaches were the costliest to resolve.
- The average cost of a healthcare data breach was $7.13 million globally and $8.6 million in the United States.
Republican Senators propose cash injection
- A cash injection of $53 million for the DHS CISA was proposed to help limit vulnerabilities and enhance Federal network security to protect COVID-19 related research agencies.
- The new legislation would make $306 billion available.
Recent cyber/ransomware attacks related to the Healthcare industry
- The University of Utah experienced a phishing attack that affected over 10,000 patients. Unauthorized access to employee emails was gained at the beginning of 2020 and lasted for over four months.
- Highpoint Foot and Ankle Center (PA) suffered a ransomware attack in May of this year in which 25,554 patients had information potentially compromised.
- Due to looting and vandalism incidents in May and June of 2020, CVS informed patients that their information was potentially compromised. Over 21,000 individuals were likely affected by this attack.
- Beaumont Health in Michigan notified over 6,000 patients that their information was potentially compromised due to a phishing attack.