The Largest Data Breach Settlement of All Time

 

Every second, nearly 45 data records are lost or stolen.

When this happens in a business, all of their records are put at risk.

This also puts the clients’ personal information at high risk.

Not only does it create distrust between the company and its customers, it also comes with a high price tag.

Unfortunately, data breaches happen all too often.

Advocate Health Care and the U.S. Department of Health and Human Services settled in what is called the largest settlement of all time.

The Largest Settlement to Date
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled at $ 5.5 million with Advocate Health Care.

Advocate Health Care violated the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA protects personal health information from falling into the wrong hands. Health care providers are responsible for the safety of their patients’ private information.

Over 4 million patients’ personal information was stolen. This information includes their information, names, addresses and credit card numbers.

The Incidents

The exposure came after the first incident in August 2013. Four desktop computers were stolen from an Advocate Health office in Park Ridge, Illinois.

These computers contained the records of millions of local patients.

The second incident occurred in the period between June and August of 2013.

Hackers gained access to the network of billing service used by Advocate Health. This incident exposed the health records of over 2,000 patients.

On November 1, 2013, another breach occurred.

Yet another computer was stolen from a vehicle. This incident exposed 2,230 patients’ protected health information.

After Advocate reported these breaches, the HHS began an investigation.

The Findings

Laws are in place that require health providers to protect their patients’ health information.

The HHS found that Advocate Health violated these laws.

The OCR found that Advocate Health unsuccessfully:

researched the potential risks relating to the protection of protected health information
enacted policies and procedures to limit the access of electronic systems
safeguarded laptop computers that were kept in unlocked vehicles
The department found Advocate Health Care at fault for not securing a written contract from their billing subsidiary.

This written contract should have stated that it protected any electronic protected health information within its custody.

Advocate Health has responded, stating that:

“As all of the digital landscape and the impacts it has on evolution, we have enhanced our data encryption measures to prevent this type of incident from reoccurring.”

Conclusion
Advocate Health Care Network includes more than 250 treatment locations. This includes the ten hospitals and two children’s hospitals.

This makes it one of the largest healthcare providers in the state of Illinois.

Advocate Medical Group (AMG) is a branch of Advocate Health Care.

AMG provides primary care services, medical imaging, and specialty health care services.

This medical group services the greater Chicagoland area.

With new technology, data breaches are becoming more common than ever before.

This entry was posted in Uncategorized. Bookmark the permalink.