![dataloss logo](/images/dataloss-logo.png)
BreachExchange mailing list archives
CHS associate pays $2.3M HIPAA settlement: 4 details
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 24 Sep 2020 09:23:09 -0500
https://www.beckershospitalreview.com/cybersecurity/chs-associate-pays-2-3m-hipaa-settlement-4-details.html A Community Hospital Systems' entity that provides business associate services to hospitals and clinics agreed to settle violations related to a potential HIPAA breach for $2.3 million. Four details: 1. CHSPSC will pay the Office for Civil Rights $2.3 million and adopt a corrective action plan to settle allegations it violated HIPAA. The company provides IT, health information management and other services to the hospitals and clinics owned by Franklin, Tenn.-based CHS. 2. The FBI noticed a cyberhacking group posed an advanced persistent threat to CHSPC's information system in April 2014 and gave notice to the company. However, the hackers were still able to access the company's system. 3. The hackers exfiltrated protected health information for 6.1 million people in August 2014 and used the compromised administrative credentials to remotely access the company's information systems through a virtual private network. 4. An ORC investigation found longstanding, systemic noncompliance with HIPAA's rules and the company failed to conduct a risk analysis and implement access controls. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- CHS associate pays $2.3M HIPAA settlement: 4 details Destry Winant (Sep 24)