HIPAA fines caused by stolen laptops


Since 2012, the U.S. Department of Health and Human Services (HHS) has issued large monetary fines for violations of the HIPAA Privacy Rule. Some of its biggest fines, in fact, have been due to stolen laptops. In several instances, a single stolen laptop led to fines in excess of $1,000,000.

In this post, we’ll explore four instances in which stolen laptops led to HIPAA fines. We’ll also discuss why a stolen laptop can incur such heavy penalties.

1) A Stolen Laptop in Massachusetts costs $1.5 Million

On 17 September 2012, a HIPAA entity in Massachusetts agreed to pay a $1,500,000 fine to settle HIPAA Privacy Rule violations. The cause of the fine? The theft of a single unencrypted laptop containing electronic protected health information (ePHI).

2) A Stolen Laptop in Idaho costs $50K

On 2 January 2013, a HIPAA entity in Idaho agreed to pay a $50,000 fine to settle violations of the HIPAA Privacy Security Rule. The investigation and subsequent fine stemmed from a stolen laptop computer containing unencrypted data of 441 patients.

3) $1.7 Million Fine for a Stolen Laptop in Missouri

On 22 April 2014, Concentra Health Services agreed to pay a $1,725,220 fine to settle HIPAA Privacy violations. HHS initiated an investigation after receiving word that an unencrypted laptop was stolen from one of its offices. Even though the laptop was in an office, the fact that its data was unencrypted triggered a hefty HIPAA fine.

4) Laptop Stolen from a car in Arkansas costs $250K

In February 2012, a HIPAA entity in Arkansas agreed to pay a $250,000 settlement for HIPAA Privacy violations. Again, the root cause of the fine was an unencrypted laptop being stolen from a car. The laptop contained, in unencrypted format, electronic protected health information of 148 patients.

HIPAA Fines and Stolen Laptops

The total sum of HIPAA fines paid by these four HIPAA entities came out to $3,525,220. In other words, the data shows it costs an average of $881,305 in HIPAA fines for a single stolen laptop.

What can be done?

We recommend a two-pronged approach to avoid such high HIPAA fines for stolen laptops. First, make sure every laptop in your organization has an encrypted hard drive. As the case in Missouri proved, even if a laptop never leaves the office, it can still be stolen and fines can still be issued.

Microsoft provides BitLocker for free with certain versions of Windows. You can read our post “Free Windows Encryption tools for HIPAA Compliance” for more information.

macOS also includes a utility called FileVault 2 to encrypt the contents of a hard drive. You can read our post on it: “Free Disk Encryption for Mac OS.”

Secondly, it’s apparent in today’s society that users, regardless of profession, will take their work home with them. Just like everyone else, users within HIPAA entities need secure access to their data anytime, anywhere.

That’s where Paubox can come in: we are a HIPAA compliant email solution. You can use Paubox to store and share electronic protected health information (ePHI). In addition, each Paubox plan comes with a Business Associate Agreement. We understand the HIPAA landscape and we are here to help with your compliance needs.

Try Paubox Email Suite for FREE today.

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.
