Latest Health Data Breach due to usage of outdated and unsupported software

How important is it to regularly review IT systems to access and address the risks to ePHI?

Extremely Important.images (5)

The Anchorage Community Mental Health Services (ACMHS) is in the process of settling a large fine with the Offie of Civil Rights (OCR), for violations of HIPAA’s Security Rule. They recently reported a breach of unsecured ePHI affecting 2,743 individuals. The breach occurred due to oversight in following the HIPAA Security Rule policies and procedures.

The security incident was the direct result of ACMHS failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software.

As per OCR Director Jocelyn Samuels, ““Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis. This includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks”

Read the full report:  http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/acmhs/index.html

OCR

Read EHR2.0’s white paper on Meaningful Use Security Risk Analysis here

Learn about EHR2.0’s Security Risk Analysis Services here

Listen to EHR2.0’s FREE webinars on HIPAA Compliance topics

Share this in :
  •  
  •  
  •  
  •  
The following two tabs change content below.
Our mission is to assist healthcare organizations and business associates in the development, design, and implementation of practices to secure IT systems and comply with HIPAA/HITECH privacy, security, breach and enforcement rules by protecting patient health information.