Data Center Knowledge | News and analysis for the data center industry - Industr's Journal
 

Friday, February 17th, 2017

    Time Event
    5:30p
    Poor Access Management Leads to $5.5M HIPAA Penalty

    Brought to you by MSPmentor

    A Miami, Fla.-area nonprofit this week paid $5.5 million to settle a HIPAA case alleging that credentials of former employees were used to access electronic protected health information (ePHI) of 80,000 people – some of whom were later victims of identity theft.

    South Broward Hospital District, which does business as Memorial Healthcare System (MHS), initially reported in April of 2012 that two former employees had improperly accessed ePHI.

    The nonprofit hospital chain filed a follow-up case three months later, saying it had found evidence of additional breaches by 12 other employees who worked at affiliated physicians' offices.

    Investigators from the U.S. Department of Health and Human Services Office of Civil Rights (OCR) determined that MHS failed to revoke access of former employees, failed to review logs and access records, and had inadequate policies for managing employee permissions to networks containing ePHI.

    “Access to ePHI must be provided only to authorized users, including affiliated physician office staff,” Robinsue Frohboese, acting OCR director, said in a statement Thursday.

    “Further, organizations must implement audit controls and review audit logs regularly,” the statement continued. “As this case shows, a lack of access controls and regular review of audit logs helps hackers or malevolent insiders to cover their electronic tracks, making it difficult for covered entities and business associates to not only recover from breaches, but to prevent them before they happen.”

    IT service providers continue to strike gold working in the healthcare vertical. But the lucrative market also poses substantial risks for covered entities and authorized business associates – often third-party IT service providers – in the event ePHI is mishandled.

    In the latest case, MHS reported their suspicion that as many as 105,646 individuals might have been affected, though OCR investigators ultimately placed the final tally at about 80,000.

    Still, the impact was significant.

    “Some of these instances led to federal charges relating to selling protected health information and filing fraudulent tax returns,” OCR investigators said in a document detailing terms of the settlement.

    As part of the agreement, MHS also agreed to comply with a corrective action plan.

    The $5.5 million payment is tied for the largest HIPAA breach penalty levied so far and marks a continuation of an enforcement crackdown that dates back to the start of last year.

    OCR has collected $11.4 million so far in 2017.

    That’s compared to $23.5 million last year, and just $6.2 million levied in all of 2015.

    This article originally appeared on MSPmentor.

    6:44p
    Court Throws Out Facebook’s Motion to Dismiss Data Center Design Lawsuit

    A judge in Silicon Valley last week ruled against Facebook’s motion to dismiss a lawsuit filed by a British data center builder in 2015 alleging that the social network misappropriated its trade secrets.

    The secrets in question are designs and methods for building modular data centers. BladeRoom, one of the two companies that filed the complaint, claims Facebook and Emerson Electric (whose data center subsidiary Emerson Network Power has since been spun out and renamed as Vertiv) lured it and Bripco (the other plaintiff) into disclosing their designs and methods, then used them to build a data center in Sweden on their own.

    The two British companies are accusing Facebook and Emerson of enticing “them to reveal their data center designs and construction methods with promises of acquisition and partnership, only to then copy those designs and methods and pass them off as their own,” according to court documents. The plaintiffs are also alleging that Facebook disclosed their trade secrets publicly through the Open Compute Project, its open source data center and hardware design initiative.

    BladeRoom licenses the design and methodology from Bripco, which owns the rights.

    A judge in the San Jose division of the California Northern District of the US District Court threw out most of Facebook’s motion to dismiss the lawsuit, concluding that BladeRoom and Bripco have made a sufficient argument to continue litigation. The court did dismiss a part in which the plaintiffs accused Facebook of using the trade secrets to compete against them commercially.

    We’ve reached out to Facebook for comment and will update the post if and when we hear back.

