4.5 Million Patients’ Information Stolen by Hackers

more+
less-

Community Health Systems Inc. (“CHS”), a Tennessee-based hospital provider, has reported it was the target of data hackers who were able to obtain identification information belonging to approximately 4.5 million CHS patients. According to some sources, this is the second-largest HIPAA breach ever. The company has been cooperating with Federal law enforcement authorities pursuing the individuals responsible for hacking into CHS’s system. In response to this breach, CHS is working to notify those individuals whose information was stolen and assisting them with identity theft protection as well as working with a security firm to thoroughly investigate the breach.

Healthcare providers that maintain or transmit electronic protected health (“ePHI”) information must not only be careful about how they use and disclose ePHI, they must also be wary of criminal attacks coming from outside their organization. Even simple identification information such as names, phone numbers, and social security numbers are protected by HIPAA. As part of ongoing HIPAA compliance, providers should assess and document the risk of breach of ePHI and the safeguards in place to prevent a breach. The more technical safeguards a provider has implemented for its ePHI (such as encryption, firewalls, and unauthorized or unusual access alerts), the less likely hackers will be able to infiltrate records and, in the event they infiltrate anyway, the easier for a provider to make a good case that it took all reasonable steps to safeguard its patients’ PHI, or at least to mitigate harm caused by a breach. Providers must consider all aspects of HIPAA, including both the Privacy Rule and the Security Rule, and make sure their HIPAA compliance programs are operational and complete.

 


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Benesch | Attorney Advertising

Written by:

more+
less-

Benesch on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×
Loading...
×
×