The University of Mississippi Medical Center agreed to a $2.75 million settlement with the federal government for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA).
Unsecured electronic health information on 10,000 people was breached when a laptop computer was found to be missing, according to the U.S. Department of Health and Human Services’ Office for Civil Rights.
OCR determined that UMMC was aware of vulnerabilities to its systems as far back as April 2005, yet no significant risk management activity occurred until after the breach. UMMC will also adopt a corrective action plan – including notifying the 10,000 patients individually about the breach.
On March 21, 2013, the Office of Civil Rights was notified of the breach after UMMC’s privacy officer discovered that a password-protected laptop was missing from UMMC’s Medical Intensive Care Unit. UMMC’s investigation concluded that it had likely been stolen by a visitor to the MICU who had inquired about borrowing one of the laptops.
OCR’s investigation revealed that users could access an active directory containing 67,000 files after entering a generic username and password.
BEFORE YOU GO…
… we’d like to ask for your support. More people are reading the Mississippi Business Journal than ever before, but advertising revenues for all conventional media are falling fast. Unlike many, we do not use a pay wall, because we want to continue providing Mississippi’s most comprehensive business news each and every day. But that takes time, money and hard work. We do it because it is important to us … and equally important to you, if you value the flow of trustworthy news and information which have always kept America strong and free for more than 200 years.
If those who read our content will help fund it, we can continue to bring you the very best in news and information. Please consider joining us as a valued member, or if you prefer, make a one-time contribution.Click for more info