Publicly traded hospital operator Community Health Systems admitted in a Securities and Exchange Commission filing that names, Social Security numbers and addresses for 4.5 million patients were compromised by cyberattackers from April to June of this year.
According to statistics maintained by the U.S. Office for Civil Rights, this ranks as the second largest theft of patient data ever.
The Health Insurance Portability and Accountability Act (HIPAA) governs the protection of such personal data. There is no theoretical maximum fine for a HIPAA breach, though any individual violation is capped at $1.5 million.
This incident can serve as a reminder to all healthcare entities that data security cannot be overlooked. HIPAA compliance is a crucial issue for the entire industry. Liability for compliance extends beyond healthcare companies to all “business associates” of these entities who handle protected health information.
To view a list of CHS hospitals and clinics, visit this link.
If HIPAA compliance is among your company’s concerns, discuss with our consultants how to protect yourself and your data.