MBJ staff
The University of Mississippi Medical Center agreed to a $2.75 million settlement with the federal government for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA).
Unsecured electronic health information on 10,000 people was breached when a laptop computer was found to be missing, according to the U.S. Department of Health and Human Services’ Office for Civil Rights.
OCR determined that UMMC was aware of vulnerabilities in its systems as far back as April 2005, yet no significant risk management activity occurred until after the breach. UMMC will also adopt a corrective action plan, including notifying the 10,000 patients individually about the breach.
On March 21, 2013, the Office for Civil Rights was notified of the breach after UMMC’s privacy officer discovered that a password-protected laptop was missing from UMMC’s Medical Intensive Care Unit. UMMC’s investigation concluded that the laptop had likely been stolen by a visitor to the MICU who had inquired about borrowing one of the laptops.
OCR’s investigation revealed that users could access an active directory containing 67,000 files after entering a generic username and password.