$3 Million Fine Issued for PHI Breach of Over 300, 500 Patients

Remain Calm, Remain Honest – and Remain in Business

Avoiding the inevitable does not make it go away.

Healthcare patients choose a provider based on the quality of care.  In addition to that, the public will generally assume that their private information is safeguarded and not something that they need to verify or investigate before choosing that specific provider.  By alerting them to something they assumed to be a non-issue, it is understandable to be concerned about the loss of business.  However, credit reporting agency Experian has recently found that this churn can be kept to a minimum with the proper response plan.

In July 2019, Experian surveyed 1,000 adults in the United States and found that 90% of those surveyed would be somewhat forgiving if they were informed promptly as a result of an organized communication plan being in place by their provider.  Previous studies by Experian identify numbers that are more of a red flag to all parties.

It is in these studies that they found that only 34% of all breached response plans include some form of customer notification and that those plans are in place for only 52% of companies.  So, the few that are ideally prepared have a greater chance of survival, and those who aren’t prepared have a full stack of odds against them.

How Can the Risks Be Lowered?

Have a breach response plan in place.  This should be created by someone who knows their way around a breach and is ideally certified to assist with creating such a plan.  Additionally, have cyber insurance as part of your in-place plan.  This will allow you to call upon experts in the event that a (very likely) breach does occur.  And as we identified above, ensure that your breach plan includes client communication.

Even if you don’t have all of the answers immediately, letting them know that you are aware of the breach and will keep them updated will go a long way.  This increases the trust between you and your patients and makes it more likely that they will stay with your business following an incident.

66% of those surveyed would leave a practice due to slow or poor communication – don’t let this happen to your organization. It is better to be truthful up front than have to explain why you were dishonest in the past. People can accept mistakes, but they are less likely to accept being deceived.

The post Does Your Breach Response Plan Include Notification? appeared first on HIPAA Secure Now!.

Identity Thievery Programs Enable You To Defend Yourself From Id Theft


Because of the rise of id theft occurrences being reported yearly, many organizations are applying their very own id theft programs to supply citizens education to battle this spiteful crime. Since being a victim of id theft could be a existence-altering experience, both emotionally and financially, understanding how to prevent the appearance of this crime through id theft programs will help you as well as your families live an ordinary and happy existence without another person meddling with your own personal information.

Even though the government has worked night and day to battle id theft, busting these crooks might take many years, or sometimes, they even live their very own lives without having to be caught. Because of this, different private and public banking institutions with id theft programs, like the Federal Trade Commission’s “AvoID Thievery: Deter, Identify, Defend”, are educating individuals to avoid id theft while giving help individuals who’ve victimized.


FTC’s National Id Theft Program

Because the U . s . States has got the greatest rate of id theft compared abroad, the Federal trade commission has worked fulltime to distribute on the internet and print informational materials to make sure all consumers know about this crime. With more than 20 million copies from the information guide distributed, the Federal trade commission id theft program is reaching one household at any given time to lessen the appearance of id theft in the united states.

Private organization which help consumers fight id theft will also be while using Federal trade commission id theft program to empower citizens in protecting themselves from the damages brought on by this crime. The “Deter, Identify and Defend” Program educates people and links with other organizations both in public and private sectors including police force agencies, consumer groups, federal agencies along with other trade associations to provide consumers choices on where to inquire about help.

The Federal trade commission id theft program releases an informational package for those organizations fighting id theft which include a how-to guide with instructions on educating customers to aid organizations facilitate outreach programs. Additionally, it features a sales brochure these organizations can certainly reproduce to provide to individuals who attend workshops and education sessions. To capture the amount of damage id theft may cause an individual’s existence, a ten-minute video of victims can also be incorporated within the program to describe to individuals how you can fight this crime.

While using Federal trade commission id theft program might help other organizations hold workshops and distribute educational materials about fighting id theft. Since education may be the only answer to staying away from this crime, consumers is now able to aware regarding how to identify these complaints and take immediate actions when they be a victim of id theft.


Warning – You’ve Been DataMined!



It impacts vast sums people every day when we’re blissfully not aware.

Today’s high-tech world is drowning in data but is starved for understanding. Data mining is the quest for significant patterns and trends. It is also been known as poor people stepchild to statistcial analysis.

To provide you with a good example you want to target to purchase food and also you make use of your store card for discounts and fast checkout. It provide the store an eye on how frequently you shop, what foods you want and also at what prices within this situation it is a win-win situation. This continues thoughout your entire day while you bank visit the mall, service station, and so forth.

However details are more and more collected without your understanding or consent. “Black Boxes” how big cigarette packs happen to be set up in 40 million vehicles to watch speed, seatbelt use, and much more. Only 5 states currently require the buyer be advised of the fact.


The trade-off is somone has an eye on where and when you drive,your food intake, what over-the-counter medications you purchase,regardless of whether you smoke or otherwise,in which you fly with whom, what you love to read watching and put money into.

Anyone item isn’t invasive however when birth certificates, credit histories, property deeds, military records, and insurance claims are pulled together it paints a really intimate picture. Increase the mix that an average joe is viewed by surveillence cameras 75X each day.


Previously decade a surge of technologies have occurred and also the pressing appetite of marketers for details about consumers makes data collection less voulutary and much more worrisome.

Data mining is very large business. Companies vacuum up data from private and public records, aggragate it evaluate it then sell it to buyers varying from private companies towards the CIA. If the error exists there’s no understanding from you as a result it can not be fixed.

Data thefts are rising incorporated are banks, charge card companies, and also the greatest from the data brokers Choicepoint. When their records were breach they left huge numbers of people prone to id theft.

In conclusion technologies are not going anywhere soon so we love convience but we should be aware and turn into vigilant. In fact it is here we are at Congress to step-up and get the job done to produce a fundamental bill of legal rights for those information. This can give to us necessary protection.


Identity Thievery can there be expect victims?



Among the less popular Id thievery sources originates from none

apart from your charge card company as well as other supply of an information leak and in addition Visa fine processing companies for breaches of security rather of enhancing the affected company improve their security. the majority of the bigger information mill indeed secure however a burglar breach may happen to the most dependable of companies you cant ever be completely protected from Id theft, and also you certainly do not want your a good credit score in danger.

There’s a truly amazing quantity of data breeches each year, from a multitude of sources, for example obtained from The Id Theft Resource Center (a nonprofit organization) backed with a grant provided by the U.S. Department of justice through the Office for that Victims of Crimes, they don’t publish any information that isn’t



Creative works


Here are a few statistics for 2018 of exposed records:


Banking/Credit/Financial final amount of files uncovered-  1,709,013


Business-  415,233,143


Education-  1,408,670


Government/Military-  18,236,710


Medical/Healthcare-  9,927,798


Final amount of records exposed-  446,515,334




You’ve certainly heard of all the firms that promise or perhaps guarantee to safeguard your identity they often include different levels of insurance from $10,000.00 to some awesome million in case your identity is stolen, They’ll pay millions of if you’re able to convince their satisfaction that you simply endured millions of or even more in losses because of the Id thievery but beware some major companies limit their liability to expenses incurred legally or through other services THEY deem as necessary because of the failure or defectiveness of the service, in almost any situation they’ll generally pay only for legal costs or any other charges connected using the failure of the service, the price of these programs varies depending largely the quantity of insurance, so if you choose to use one of these to assist in protecting your identity inspect the guarantee carefully.


Identity thievery basics


Id theft is among the latest buzzword inside our society in recent occasions. Id theft describes hiding one’s original identity and unlawfully misusing another person’s identity. The individual pretending to become another person tries to earn money at the expense of others and bakes an abusive utilization of fake identity. The appearance of this type of crime has elevated partially because of the expansion within our communication network where individuals interact or learn about only the presence of body else but haven’t met them person. Since you don’t recognize your partner by looks it’s simpler for identity thieves to walk into others shoe and gather vital information for his or her own selfish motives. Id theft also occurs from distance if somebody may call or talk to every other person simply to gather some private information after which misuse the information provided.


Emergence of Internet aside from supplying many facilities and as being a blessing for individuals has additionally added a great deal to this already established crime.

With increasingly more business houses using Internet and computerized systems for his or her official workings elevated quantity of significant data are actually available on web. In addition to the acquiring vital statistics associated with a corporate house or any important individual information, identity thieves do disguise to fool others and acquire some information such as the charge card number or even the ssn. Thievery of charge card number and ssn can lead to an excellent loss and trauma for that victim. Because the offender can use the charge card for withdrawing money from others account as well as the crimes committed through the crook could be related to the victim because the crook was utilizing a fake identity of body else.

This growing type of crime has elevated concern of numerous and individuals are actually finding methods to combat such malicious actions that create loss to innocent citizens. Aside from following a general instructions and counting on social systems to avoid such crimes certain individual efforts are also needed to safeguard one from identity thieves. You have to be careful to not provide any private info on Internet or other public communication systems that may be utilized by anybody. Once perfectly confirmed verification some good info might be shared if it is very urgent. Also you ought to not depend on other people without careful verification from the identity of your partner.

It’s dependent on great regret that such identity thieves many a occasions bank upon the sentiments of excellent citizens and fool these to have fast money. Many such installments of false identity happen to be reported in recent past where individuals make believe you be somebody in great necessity of help so when some virtuous person comes forward to assist them to they simply breach others making personal profits at the fee for others.


Lately once the world was struck by a regrettable natural disaster of tsunami the aid of world put in through every means. Government organizations of nations struck with this calamity had set websites to create people conscious of the damages incurred and collect the aid of them when they could lead towards the well-being of victims. Following a genuine websites many fraudulent websites were also located simultaneously to bank upon people’s sentiments for private interests. Such occurrences and many more turn it into a moral responsibility of each and every citizen in the future forward and help in curbing this social crime.


Cyber Security Breach

The motivation behind hackers has evolved noticeably over the last couple of years. Developing harmful viruses is less about “bragging rights” or satisfying the creator’s ego and is becoming more and more about generating profit or commercial return.

The destruction of data on your computer or corruption of programs you use is a common side effect and what people have traditionally associated with a computer virus. The reformatting of your computer “c: drive”, especially at work, and the loss of valuable data used to be an incredibly painful experience.

The widespread deployment of data back up solutions within companies to comply with legislation and other factors means less and less valuable data is now stored on your computer’s local hard drive. More importantly for the virus writer this attack does not generate much tangible profit so there is not much motivation to develop more sophisticated programs to counter improved anti virus applications and corporate network security.

However, there is profit for the virus writer in turning your computer into a spam distribution machine. “Spam” is email sent without the permission of the person receiving the message. Hackers gain control of your computer through a Trojan Horse which gives them the same access rights as the user. Once your computer is controlled by the hacker it becomes known as a “Zombie.” A group of zombie machines is known as a “botnet.”

By controlling a botnet a hacker can generate profit in a number of ways. The botnet can be used to exhort a ransom from a company by threatening launch a damaging “Distributed Denial of Service” (DDoS) attack against its web site. The botnet can also be hired out to other hackers.

The most common way of profiting from a botnet is to use it to send out spam email. According to the security software company Sophos over 50% of all spam email now originates from botnets. Hackers use spam email to drive traffic to pay per click advertising sites or distribute virus programs further. Using a zombie computer helps cover their tracks.

The drive for generating profit is clearly evident in a new form of virus dubbed “Ransomware” by security experts which started to appear in 2005. Ransomware, as the name suggests, holds data on your computer “hostage.” Files on your hard drive are encrypted with a password. The user is then contacted and asked to pay a ransom to release the file.

Here are some simple tips and strategies to help prevent your computer turning into a “Zombie.”

• Keep your computer up to date with the latest software patches for Windows and other Microsoft programs. Most viruses and other malware exploit vulnerabilities in widely used programs.
• Install a reputable anti virus program. Keep the definitions up to date and scan your computer regularly.
• Install a personal firewall or buy a router with a hardware firewall. Ideally you need a firewall solution which filters both incoming and outgoing traffic from your computer to the internet.
• Never open spam email or associated email attachments which is frequently used to distribute virus programs. Use a spam filter to help reduce the amount of spam you receive.



Cybercriminals continue to flex their muscles over the healthcare industry with ransomware striking an Ohio medical practice previously this month.


NEO Urology in Boardman, Ohio, experienced a complex ransomware attack, along with hackers encrypting the organization’s whole computer system.


According to the report from local news agency WFMJ, the attack on NEO Urology occurred on June 10 th , when a fax has been sent to the practice administrator asking for a ransom payment of $75, 000 via bitcoin to uncover their files that were encrypted within the attack.


NEO Urology contacted their IT firm, who seem to suspects the hack originated in Russian federation. The IT firm used the third-party to pay the hacker the particular $75, 000.


The business stated that “the hackers proceeded to go so deep into their system it took until Wednesday [June 12 th ] to access their computer systems. ” With NEO Urology being not able to access their systems, downtime expenses added up quickly. The exercise told police that their reduction in revenue due to downtime had been between $30, 000-$50, 000 daily, according to WFMJ.


This particular ransomware attack goes to show that cybercriminals still see the value in focusing on the healthcare sector. With health care organizations needing constant access to their own data or their patients’ information, these businesses cannot afford to go with out computer access – an attractive reason behind cybercriminals to target the industry with ransomware.


Ransomware is displaying no signs of slowing down, in fact , based on a report from Malwarebytes, businesses noticed an astonishing 195 percent embrace ransomware attacks in Q1 associated with 2019.


Do not make the error of thinking you are not a focus on for ransomware. While it is true that will cybercriminals favor the healthcare industry and small to medium-sized companies, anyone could have a bullseye on the back when it comes to being struck simply by ransomware.


The write-up NEO Urology Experiences Ransomware Attack, Pays $75, 500 Ransom appeared 1st on HIPAA Safe Now! .

healthcare sector



The Department associated with Health and Human Services’ (HHS) Workplace for Civil Rights (OCR) provides announced a settlement with Touchstone Healthcare Imaging (“Touchstone”) for their potential infractions of HIPAA Security and Infringement Notification Rules. Touchstone has decided to pay $3, 000, 000 plus adopt a corrective action plan.


Touchstone is a diagnostic healthcare imaging services company based in Franklin, Tennessee, and provides services in Nebraska, Texas, Colorado, Florida, and Illinois.


The Infringement


In May 2014, Touchstone was informed by the F and OCR that one of its FILE TRANSFER PROTOCOL servers was giving uncontrolled, illegal access to protected health information (PHI). This particular uncontrolled access allowed files to become indexed by search engines, meaning a good unauthorized individual could access another’s PHI simply by performing an Internet lookup.


Initially, Touchstone stated that there was no PHI orient by the uncontrolled server. The story transformed during OCR’s investigation, when Touchstone ultimately admitted that the PHI associated with over 300, 000 patients is at fact, exposed. The information involved in the publicity includes names, birth dates, interpersonal security numbers, and addresses.


Even after the notice had been issued to Touchstone and the machine was taken offline, PHI continued to be visible on the Internet.


The Investigation


OCR found that Touchstone is at violation of multiple HIPAA guidelines. Following the breach notice issued by FBI and OCR, Touchstone failed to conduct a thorough investigation of the infringement for several months. Not only did the particular delayed investigation of the breach break HIPAA, but also resulted in delayed infringement notifications for the affected individuals as well as a postpone in notifying the media – both additional HIPAA violations.


Further investigation revealed that will Touchstone had also failed to carry out an accurate and thorough risk evaluation of its organization, a critical component inside identifying potential risks to the privacy, integrity, and availability of electronic PHI (ePHI) – and the violations do not stop there.


OCR identified two situations where Touchstone failed to have Business Associate Contracts in place with their vendors – which includes their IT support and a third-party data center, another HIPAA infringement.


The Arrangement


The arrangement of $3 million dollars is not the only action that needs to be taken by Touchstone. In addition to the monetary settlement, a robust further action plan must be adopted to address their particular HIPAA compliance deficiencies, including undertaking business associate agreements, completing a good enterprise-wide risk analysis, and implementing HIPAA policies and procedures.


Although the number of HIPAA infractions associated with this breach is intensive, all serve as an important reminder from the requirements under HIPAA that can not be ignored. Performing a risk evaluation, having Business Associate Agreements in position for the entire duration of a vendor agreement, implementing and enforcing policies plus procedures, ensuring technical safeguards have been in place, and training employees upon HIPAA and security awareness are simply a few key pieces of HIPAA conformity that should be addressed and evaluated regularly.


In addition , this situation highlights the necessity of taking quick action following a breach. Had Touchstone started their corrective action initiatives immediately following their notification from the F and OCR, several violations might have been avoided – the violations related to delayed breach notifications specifically.Illinois

Is Your COMPANY's Data on the Dark Web, Find out TODAY!!!


Copyright © 2015 - 2018 Sentree Systems, Corp.. All rights reserved.

Sentree Systems, Corp. | 6137 Crawfordsville Rd Ste F #177 Indianapolis, IN 46224 | 317-939-3282