Cyber Insurer to Pay Millions in HIPAA Settlement

By Ken Briodagh
February 05, 2018

The healthcare industry is dependent upon and dedicated to leveraging only the best in privacy and security controls, both to remain compliant with government regulation and to protect patients. IoT is, of course, also critically interested in deploying best-in-class security to protect the data that makes all its deployments mission-critical.

Now, the regulatory chickens are coming home to roost as a result of a recently revealed breach of healthcare data. In early October 2015, 21st Century Oncology, the operator of about 145 radiation treatment centers across seventeen U.S. states, had about 2.2 million patients' records affected by illegal third-party access to the Florida-based healthcare provider's database.

On March 4, 2016, the company released a statement disclosing the unauthorized access. In it, the company stated that 21st Century delayed notification of the breach because the FBI requested it, reportedly to prevent interference with the ongoing federal investigation.

Now, several lawsuits have been filed in which the people whose data was compromised alleged this was a violation of the Fair Credit Reporting Act and the Florida Deceptive and Unfair Trade Practices Act. These plaintiffs further asserted that 21st Century failed to secure the HIPAA-protected data with which the defendant had been entrusted, and that patients will suffer a lifetime of vulnerability to tax fraud, medical fraud, or other forms of fraud as a result of identity theft. The data is said to have included patients' full names, their physicians' names, patients' Social Security numbers, diagnoses, insurance information, and treatment information.

After sixteen pending lawsuits were assigned to Judge Mary S. Scriven, on January 17, 2017, plaintiffs filed a consolidated class action complaint. On May 25, 2017, in the Southern District of New York, 21st Century Oncology Investments filed for Chapter 11 bankruptcy after reaching an agreement to restructure debt in such a way as to reduce it by more than $500 million.

The proposed class action against the defendant was stayed as a result of the bankruptcy proceeding and administratively closed, which halted litigation while defendants worked with the bankruptcy court to finalize financial liability to creditors, plaintiffs, and proposed class members.

On December 11, 2017, 21st Century agreed with the United States Department of Health and Human Services (HHS) to pay a $2.3 million fine to the department for the 2015 data breach affecting the 2.2 million patient records. In addition to the fine, 21st Century agreed to a plan of corrective action that included conducting risk analysis, appointing a compliance specialist, revising its cybersecurity protocols, and developing breach reporting plans.

The HHS Office for Civil Rights has agreed to allow 21st Century's cyber insurer to pay the fine.


Ken Briodagh is a writer and editor with more than a decade of experience under his belt. He is in love with technology and if he had his druthers would beta test everything from shoe phones to flying cars.

Edited by Ken Briodagh

Editorial Director
