Lack of email security causes $750K fine

The University of Washington Medicine (UWM) has recently agreed to settle charges that it potentially committed HIPAA violations. UWM's lack of email security resulted in a $750K settlement with the Office of Civil Rights (OCR), part of the Health and Human Services (HHS), as the result of a phishing attack.

The U.S. Department of Health and Human Services Office of Civil Rights (OCR) initiated its investigation of UWM on November 27th, 2013 when it received a breach notification. The breach report detailed that a UWM employee downloaded an email attachment that contained a malicious malware, one of the more common ways email gets hacked. This malware eventually infected all of UWM's systems compromising the e-PHI of over 90,000 individuals. Information such as patient names, medical records, billing information, social security number, and demographic identifiers were exposed. The investigation revealed that the attack could have been prevented had UWM and it's affiliates updated their risk assessment and added safeguards. Cyber attacks on healthcare systems are not slowing down anytime soon, in fact they will only increase. Healthcare data is too valuable to hackers. Considering that this particular attack originated from an email download, all healthcare organizations must take steps to protect their email systems through technology and training. Not surprisingly healthcare has been slow to adopt robust email encryption and security standards that other industries have already implemented. Paubox is the only provider of true seamless HIPAA compliant email encryption. Instead of the hassle of using portals, users can just write and send email as normal from any device. Not only does Paubox encrypt and host emails, but Paubox Email Suite also features full malware, virus, spam, and phishing protection.