The University of Mississippi Medical Center (UMMC) has agreed to pay an astounding $2.75M fine to settle multiple HIPAA violations. This is the second multi-million dollar HIPAA fine so far this month.
The HIPAA investigation of UMMC occurred due to a breach of electronic protected health information (ePHI) that affected about 10,000 people. The breach was due to a stolen laptop. Because the laptop had a generic username and password, the laptop allowed an unauthorized party access to their network drives. These drives contained ePHI of approximately 10,000 patients. The HIPAA investigation also discovered that due to the widespread use of generic username and passwords, unauthorized users could easily join UMMC's wireless network and immediately access the same network drives.
Further HIPAA violations included:
- Failure to implement its policies and procedures to prevent, detect, contain, and correct security violations
- Failure to implement physical safeguards for all workstations that access ePHI to restrict access to authorized users
- Failure to assign a unique user name and/or number for identifying and tracking user identity in information systems containing ePHI
- Failure to notify each individual whose unsecured ePHI was reasonably believed to have been accessed, acquired, used, or disclosed as a result of the breach.
About Paubox Paubox is the easiest way to send and receive secure, HIPAA compliant email.