

OSU-CHS pays a whopping $875,000 HIPAA fine

Oklahoma State University – Center for Health Sciences (OSU-CHS) has just paid a whopping $875,000 HIPAA fine for a web server hacking incident.


OCR investigation and ruling of hacking incident

The Office for Civil Rights (OCR) investigated the incident and ruled that multiple areas of HIPAA noncompliance occurred when operational or environmental changes took place that affected the security of electronic protected health information (ePHI).

Covered entities must conduct an internal evaluation checking on the security of PHI whenever there is a change in the security environment or operations. We at Paubox are very sorry to hear of healthcare data breaches. Our mission is to protect healthcare from the rampant cybersecurity attacks today, while keeping outbound email HIPAA compliant.

Read on to find out what happened at OSU-CHS and how Paubox can help your organization not make the next headline.


OSU-CHS failed to implement appropriate audit controls. Unfortunately, there were failures in security incident response and reporting. The failures resulted in 279,865 individuals' PHI being disclosed. The incident happened on November 7, 2017. OSU-CHS reported the incident to OCR on January 5, 2018.


OSU-CHS settles HIPAA penalty

OCR determined there were potential violations of seven provisions of the HIPAA Rules, and the widespread noncompliance warranted a financial penalty. It agreed to settle with OSU-CHS for a whopping $875,000 HIPAA fine. OSU-CHS will be monitored for HIPAA compliance and must adhere to its corrective action plan for two years.


HIPAA-regulated entities must remain fully compliant with the HIPAA Rules

The fact is that healthcare IT is a target for cybercrime. And the numbers are staggering. It is a significant risk to not have software and systems in place that keep your organization as secure as possible from a data breach. If you don't have inbound and outbound email security in place, it's not a matter of if an attack will happen; it's a matter of when.


Leaving your cybersecurity to chance is high risk

If OSU-CHS had been complying with HIPAA, the data breach might have been prevented. "HIPAA-covered entities are vulnerable to cyberattackers if they fail to understand where ePHI is stored in their information systems," said OCR Director Lisa J. Pino. "Effective cybersecurity starts with an accurate and thorough risk analysis and implementing all of the Security Rule requirements."


Paubox Solutions ensure HIPAA compliant and secure inbound and outbound email for healthcare

  1. HITRUST CSF certified and secure email

  2. HIPAA compliant email

  3. 70 million HIPAA compliant emails secured each month

  4. 4,000 customers

  5. No training needed

  6. Sets up in under an hour

  7. Sends HIPAA compliant email from Microsoft and Gmail

  8. No portals

  9. No plug-ins

  10. No passcodes

  11. Prevents user error when sending encrypted email

Don't leave your job, your organization, and the privacy of your patients to chance.

We are your ally in the cyberwar against healthcare. Sign up for a free trial today and protect your organization now.


Try Paubox Email Suite Plus for FREE today.


HITRUST CSF certified. 4.9/5.0 on the G2 Grid. Paubox secures 70 million HIPAA compliant emails every month.

