New York nonprofit healthcare organization hit with $200K HIPAA fine


https://www.beckershospitalreview.com/cybersecurity/new-york-nonprofit-healthcare-organization-hit-with-200k-hipaa-fine.html

The Arc of Erie County, a Buffalo, N.Y.-based nonprofit that serves people with developmental disabilities, agreed to pay a $200,000 penalty to the state of New York to resolve allegations it violated HIPAA in a yearslong data breach.

As part of the settlement, Arc of Erie County is required to conduct a thorough risk analysis of vulnerabilities of all electronic equipment and data systems, as well as review its policies and procedures. It must submit a report on its findings to the Attorney General’s Office within 180 days of the settlement.

“The Arc of Erie County’s work serves our most vulnerable New Yorkers — and that comes with the responsibility to protect them and their sensitive personal information,” New York Attorney General Barbara Underwood said in a news release. “This settlement should provide a model to all charities in protecting their communities’ personal information online.”

In early February 2018, Arc of Erie County learned clients’ personal information — including full names, Social Security numbers, gender, race, primary diagnosis codes, IQ scores, insurance information, addresses, phone numbers, dates of birth and ages — was exposed on its website.

An investigation determined the information had been publicly accessible in spreadsheets since July 2015 and 3,751 clients were affected. The webpage was intended only for internal use, but the investigation noted several unauthorized third parties accessed the datasets on numerous occasions. Officials said there is no evidence of malware on the system or ongoing communications with outside IP addresses.

The organization notified all affected individuals in March, and it offered them one year of free identity theft protection services.
