{"id":13101,"date":"2017-04-18T19:46:59","date_gmt":"2017-04-18T19:46:59","guid":{"rendered":"https:\/\/digital-sentinel.com\/?p=13101"},"modified":"2017-04-18T19:53:17","modified_gmt":"2017-04-18T19:53:17","slug":"hack-leads-hipaa-settlement","status":"publish","type":"post","link":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/","title":{"rendered":"Hack Leads to HIPAA Settlement"},"content":{"rendered":"<p>While your business may indeed be a \u201cvictim\u201d when hit by a\u00a0phishing attack, your enterprise can also be responsible for violations of law associated with the incident. \u00a0 Earlier this week, the <a href=\"https:\/\/www.hhs.gov\/ocr\">HHS Office for Civil Rights <\/a>(\u201cOCR\u201d) announced <a href=\"https:\/\/www.hhs.gov\/about\/news\/2017\/04\/12\/overlooking-risks-leads-to-breach-settlement.html\">a $400,000 settlement<\/a> with Metro Community Provider Network (\u201cMCPN\u201d) related to a 2012 HIPAA breach caused by a phishing scam. The phishing scam, carried out by accessing MCPN employees\u2019 email accounts, gave a hacker access to the electronic protected health information (\u201cePHI\u201d) of 3,200 individuals. In investigating the breach, OCR determined that, <strong>prior to the breach, MCPN had not conducted a security risk analysis (a requirement under HIPAA). Further, OCR found that even after MCPN conducted a risk analysis, its analysis was insufficient to meet the requirements of the HIPAA Security Rule.<\/strong><\/p>\n<p>In addition to the $400,000 fine, MCPN agreed to a corrective action plan with OCR. That plan requires MCPN to conduct a comprehensive risk analysis and to submit a written report on the risk analysis to OCR. Additionally, MCPN will be required to develop an organization-wide risk management plan, to review and revise its Security Rule policies and procedures, to review and revise its Security Rule training materials, and to report to OCR any instance of a workforce member failing to comply with its Security Rule policies and procedures.<\/p>\n<p>The MCPH settlement underscores the <strong>importance of risk analyses and workforce training<\/strong> to avoid phishing scams. Additionally, it is crucial that entities regulated by HIPAA conduct an enterprise-wide HIPAA risk analysis, update that analysis to address new threats, and implement policies and training based on identified risks. Failure to comply with these essential HIPAA requirements can turn a relatively routine breach investigation into a $400,000 settlement.<\/p>\n<p>A copy of the MCPN resolution agreement and corrective action plan is available <a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/mcpn-ra-cap.pdf\">here<\/a>. OCR\u2019s press release on the settlement is available <a href=\"https:\/\/www.hhs.gov\/about\/news\/2017\/04\/12\/overlooking-risks-leads-to-breach-settlement.html\">here<\/a>. General Security Rule guidance from OCR is available <a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/security\/guidance\/index.html\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While your business may indeed be a \u201cvictim\u201d when hit by a\u00a0phishing attack, [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":13103,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v18.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hack Leads to HIPAA Settlement - Digital Sentinel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hack Leads to HIPAA Settlement - Digital Sentinel\" \/>\n<meta property=\"og:description\" content=\"While your business may indeed be a \u201cvictim\u201d when hit by a\u00a0phishing attack, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/\" \/>\n<meta property=\"og:site_name\" content=\"Digital Sentinel\" \/>\n<meta property=\"article:published_time\" content=\"2017-04-18T19:46:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-04-18T19:53:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/phishing.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"450\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Digital-Sentinel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/digital-sentinel.com\/#organization\",\"name\":\"Digital Sentinel\",\"url\":\"https:\/\/digital-sentinel.com\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/digital-sentinel.com\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/Digital-Sentinel.gif\",\"contentUrl\":\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/Digital-Sentinel.gif\",\"width\":613,\"height\":224,\"caption\":\"Digital Sentinel\"},\"image\":{\"@id\":\"https:\/\/digital-sentinel.com\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/digital-sentinel.com\/#website\",\"url\":\"https:\/\/digital-sentinel.com\/\",\"name\":\"Digital Sentinel\",\"description\":\"Profit Protection Technology\",\"publisher\":{\"@id\":\"https:\/\/digital-sentinel.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/digital-sentinel.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/phishing.jpg\",\"contentUrl\":\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/phishing.jpg\",\"width\":450,\"height\":300},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#webpage\",\"url\":\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/\",\"name\":\"Hack Leads to HIPAA Settlement - Digital Sentinel\",\"isPartOf\":{\"@id\":\"https:\/\/digital-sentinel.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#primaryimage\"},\"datePublished\":\"2017-04-18T19:46:59+00:00\",\"dateModified\":\"2017-04-18T19:53:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/digital-sentinel.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hack Leads to HIPAA Settlement\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#webpage\"},\"author\":{\"@id\":\"https:\/\/digital-sentinel.com\/#\/schema\/person\/78a25f0a40a470633a45d6c98b60f0b2\"},\"headline\":\"Hack Leads to HIPAA Settlement\",\"datePublished\":\"2017-04-18T19:46:59+00:00\",\"dateModified\":\"2017-04-18T19:53:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#webpage\"},\"wordCount\":319,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/digital-sentinel.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/phishing.jpg\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/digital-sentinel.com\/#\/schema\/person\/78a25f0a40a470633a45d6c98b60f0b2\",\"name\":\"Digital-Sentinel\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/digital-sentinel.com\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/34ea0504bbaf2d4274b9488fb3281aa1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/34ea0504bbaf2d4274b9488fb3281aa1?s=96&d=mm&r=g\",\"caption\":\"Digital-Sentinel\"},\"url\":\"https:\/\/digital-sentinel.com\/author\/digital-sentinel\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hack Leads to HIPAA Settlement - Digital Sentinel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/","og_locale":"en_US","og_type":"article","og_title":"Hack Leads to HIPAA Settlement - Digital Sentinel","og_description":"While your business may indeed be a \u201cvictim\u201d when hit by a\u00a0phishing attack, [&hellip;]","og_url":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/","og_site_name":"Digital Sentinel","article_published_time":"2017-04-18T19:46:59+00:00","article_modified_time":"2017-04-18T19:53:17+00:00","og_image":[{"width":450,"height":300,"url":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/phishing.jpg","type":"image\/jpeg"}],"twitter_card":"summary","twitter_misc":{"Written by":"Digital-Sentinel","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/digital-sentinel.com\/#organization","name":"Digital Sentinel","url":"https:\/\/digital-sentinel.com\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/digital-sentinel.com\/#logo","inLanguage":"en-US","url":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/Digital-Sentinel.gif","contentUrl":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/Digital-Sentinel.gif","width":613,"height":224,"caption":"Digital Sentinel"},"image":{"@id":"https:\/\/digital-sentinel.com\/#logo"}},{"@type":"WebSite","@id":"https:\/\/digital-sentinel.com\/#website","url":"https:\/\/digital-sentinel.com\/","name":"Digital Sentinel","description":"Profit Protection Technology","publisher":{"@id":"https:\/\/digital-sentinel.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/digital-sentinel.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#primaryimage","inLanguage":"en-US","url":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/phishing.jpg","contentUrl":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/phishing.jpg","width":450,"height":300},{"@type":"WebPage","@id":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#webpage","url":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/","name":"Hack Leads to HIPAA Settlement - Digital Sentinel","isPartOf":{"@id":"https:\/\/digital-sentinel.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#primaryimage"},"datePublished":"2017-04-18T19:46:59+00:00","dateModified":"2017-04-18T19:53:17+00:00","breadcrumb":{"@id":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/digital-sentinel.com\/"},{"@type":"ListItem","position":2,"name":"Hack Leads to HIPAA Settlement"}]},{"@type":"Article","@id":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#article","isPartOf":{"@id":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#webpage"},"author":{"@id":"https:\/\/digital-sentinel.com\/#\/schema\/person\/78a25f0a40a470633a45d6c98b60f0b2"},"headline":"Hack Leads to HIPAA Settlement","datePublished":"2017-04-18T19:46:59+00:00","dateModified":"2017-04-18T19:53:17+00:00","mainEntityOfPage":{"@id":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#webpage"},"wordCount":319,"commentCount":0,"publisher":{"@id":"https:\/\/digital-sentinel.com\/#organization"},"image":{"@id":"https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#primaryimage"},"thumbnailUrl":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/phishing.jpg","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/digital-sentinel.com\/uncategorized\/hack-leads-hipaa-settlement\/#respond"]}]},{"@type":"Person","@id":"https:\/\/digital-sentinel.com\/#\/schema\/person\/78a25f0a40a470633a45d6c98b60f0b2","name":"Digital-Sentinel","image":{"@type":"ImageObject","@id":"https:\/\/digital-sentinel.com\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/34ea0504bbaf2d4274b9488fb3281aa1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/34ea0504bbaf2d4274b9488fb3281aa1?s=96&d=mm&r=g","caption":"Digital-Sentinel"},"url":"https:\/\/digital-sentinel.com\/author\/digital-sentinel\/"}]}},"_links":{"self":[{"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/posts\/13101"}],"collection":[{"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/comments?post=13101"}],"version-history":[{"count":0,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/posts\/13101\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/media\/13103"}],"wp:attachment":[{"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/media?parent=13101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/categories?post=13101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/tags?post=13101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}