Oklahoma State University – Center for Health Sciences (OSU-CHS) has just paid a whopping $875,000 HIPAA fine for a web server hacking incident.
OCR investigation and ruling of hacking incident
The Office for Civil Rights (OCR) investigated the incident and ruled that multiple areas of HIPAA noncompliance occurred when operational or environmental changes took place that affected the security of electronic protected health information (ePHI).
Covered entities must conduct an internal evaluation checking on the security of PHI whenever there is a change in the security environment or operations. We at Paubox are very sorry to hear of healthcare data breaches. Our mission is to protect healthcare from the rampant cybersecurity attacks today, while keeping outbound email HIPAA compliant.
Read on to find out what happened at OSU-CHS and how Paubox can help your organization not make the next headline.
OSU-CHS failed to implement appropriate audit controls. Unfortunately, there were failures in security incident response and reporting. The failures resulted in 279,865 individuals' PHI being disclosed. The incident happened on November 7, 2017. OSU-CHS reported the incident to OCR on January 5, 2018.
OSU-CHS settles HIPAA penalty
OCR determined there were potential violations of seven provisions of the HIPAA Rules, and the widespread noncompliance warranted a financial penalty. It agreed to settle with OSU-CHS for a whopping $875,000 HIPAA fine. OSU-CHS will be monitored for HIPAA compliance and must adhere to its corrective action plan for two years.
HIPAA-regulated entities must remain fully compliant with the HIPAA Rules
The fact is that healthcare IT is a target for cybercrime. And the numbers are staggering. It is a significant risk to not have software and systems in place that keep your organization as secure as possible from a data breach. If you don't have inbound and outbound email security in place, it's not a matter of if an attack will happen; it's a matter of when.
Leaving your cybersecurity to chance is high risk
If OSU-CHS had been complying with HIPAA, the data breach might have been prevented. "HIPAA-covered entities are vulnerable to cyberattackers if they fail to understand where ePHI is stored in their information systems," said OCR Director Lisa J. Pino. "Effective cybersecurity starts with an accurate and thorough risk analysis and implementing all of the Security Rule requirements."
Paubox Solutions ensure HIPAA compliant and secure inbound and outbound email for healthcare
HITRUST CSF certified and secure email
HIPAA compliant email
70 million HIPAA compliant emails secured each month
No training needed
Sets up in under an hour
Sends HIPAA compliant email from Microsoft and Gmail
Prevents user error when sending encrypted email
Don't leave your job, your organization, and the privacy of your patients to chance.
We are your ally in the cyberwar against healthcare. Sign up for a free trial today and protect your organization now.
HITRUST CSF certified. 4.9/5.0 on the G2 Grid. Paubox secures 70 million HIPAA compliant emails every month.