Diagnostic Medical Imaging Company Pays $3 Million to Resolve Potential HIPAA Violations Stemming from Data Breach

Imagine your private healthcare information appearing on a Google search…

The Office of Civil Rights (OCR), the enforcement arm of the Department of Health & Human Services (HHS), announced that a Tennessee diagnostic medical imaging services company has agreed to pay $3 million to settle potential HIPAA violations arising from a data breach that exposed over 300,000 patients’ protected health information. As part of the settlement, the company—Touchstone Medical Imaging (Touchstone)—must also adopt a corrective action plan to address problems uncovered during OCR’s investigation.

In May 2014, Touchstone was notified by the Federal Bureau of Investigation (FBI) and OCR that one of its servers allowed uncontrolled access to its patients’ protected health information (PHI). This permitted search engines (such as Google) to index the PHI of Touchstone’s patients, which remained visible on the Internet even after the insecurely configured server was taken offline. Although Touchstone initially claimed that no patient PHI was exposed, it subsequently admitted during OCR’s investigation that the PHI of more than 300,000 patients was exposed, including names, birth dates, addresses, phone numbers, and some social security numbers.

[…]

Read the original article here

Peter Glock
Over 30 years of designing, building and managing telecoms and IT services. Primarily working with large enterprise and professional services businesses in Asia, North America, continental Europe and the UK. Information security professional, secret physics nerd.
https://brownglock.com
