HIPAA Violations Could Cost Your Organization Millions of Dollars in Fines
The Department of Health and Human Services may have eased up on some HIPAA regulations during the pandemic, especially with regards to telehealth. However, there are still companies dealing with violations from three to five years ago B.C. (before COVID-19) who are resolving their violations today — in a costly manner.
In January, Excellus Health Plan, Inc. agreed to pay $5.1 million to the Office for Civil Rights at HHS and to implement a corrective action plan to settle potential HIPAA violations related to a breach affecting over 9.3 million people. Excellus Health Plan provides health insurance coverage to over 1.5 million people in Upstate and Western New York.
Excellus Health Plan filed a breach report in September 2015 stating that cyberattackers had gained unauthorized access to its IT systems. Excellus also reported that the breach began on or before December 23, 2013 and ended on May 11, 2015. The hackers installed malware and conducted reconnaissance activities that ultimately resulted in the impermissible disclosure of the protected health information of more than 9.3 million individuals, including their names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims and clinical treatment information.
OCR’s investigation found potential violations of the HIPAA rules including failure to conduct an enterprise-wide risk analysis, and failures to implement risk management, information system activity review and access controls.
Along with the monetary settlement, Excellus Health Plan will undertake a corrective action plan that includes two years of monitoring.
Don’t become the next victim of a cyberattack that could cost your business millions of dollars in downtime and fines! Partner with 2W Tech for all your cybersecurity needs. We have a robust Cybersecurity Compliance Program that will keep your company compliant with your specific industry’s regulations. Call us today.