iot health

IoT Evolution Health News

IoT Evolution Health Home

Cyber Insurer to Pay Millions in HIPAA Settlement

By Ken Briodagh
February 05, 2018

The Healthcare industry is dependent upon and dedicated to leveraging only the best in privacy and security controls, both to remain compliant to government regulation and to protect patients. IoT is, of course, also critically interested in deploying best-in-class security to protect the data that makes all its deployments mission-critical.

Now, the regulatory chickens are coming to roost as a result of a recently revealed breach of healthcare data. In early October 2015, 21st Century Oncology, the operator of about 145 radiation treatment centers across seventeen U.S. states, had about 2.2 million patients' records affected by illegal third party access of the Florida-based healthcare provider's database.

On March 4, 2016, the company released a statement disclosing the unauthorized access. In it, the company stated that 21st Century delayed notification of the breach because the FBI requested it, reportedly to prevent interference with the ongoing federal investigation.

Now, several lawsuits have been filed in which the people whose data was compromised alleged this was a violation of the Fair Credit Reporting Act and Florida Deceptive and Unfair Trade Practices Act. These plaintiffs further asserted that 21st Century failed to secure the HIPAA protected data with which the defendant had been entrusted, and that will make patients suffer a lifetime of vulnerability to tax fraud, medical fraud, or other forms of fraud as a result of identity theft. The data is said to have included patients' full names, their physicians' names, patients' Social Security numbers, diagnoses, insurance information, and treatment information.

After sixteen pending lawsuits were assigned to Judge Mary S. Scriven, on January 17, 2017, plaintiffs filed a consolidated class action complaint. On May 25, 2017, in the Southern District of New York, 21st Century Oncology Investments filed Chapter 11 Bankruptcy after reaching an agreement to restructure debt in such a way as to reduce it by more than $500 million.

The proposed class action against the defendant was stayed as a result of the bankruptcy proceeding and administratively closed, which halted litigation while defendants worked with the bankruptcy court to finalize financial liability to creditors, plaintiffs, and proposed class members.

On December 11, 2017, 21st Century agreed with The United States Department of Health and Human Services (HHS) to pay a $2.3 million fine to the department for the 2015 data breach affecting the 2.2 million patient records. In addition to the fine, 21st Century agreed to a plan of corrective action that included conducting risk analysis, the company appointing a compliance specialist, and the revision of its cybersecurity protocols as well as the development of breach reporting plans.

The HHS Office for Civil Rights has agreed to allow 21st Century's cyber insurer to pay the fine.

Ken Briodagh is a writer and editor with more than a decade of experience under his belt. He is in love with technology and if he had his druthers would beta test everything from shoe phones to flying cars.

Edited by Ken Briodagh

Editorial Director

Related Articles

AT&T and Aira Leverage IoT for Accessibility

By: Ken Briodagh    5/18/2018

Assistive Technology Platform Announces Global Expansion on Global Accessibility Awareness Day

Read More

IoT Time Podcast S.3 Ep.16 ClearSky Data

By: Ken Briodagh    5/15/2018

On this episode of IoT Time Podcast, Ken Briodagh sits down with Laz Vekiarides, CTO and co-founder of ClearSky Data, to talk about the Edge, the Fog,…

Read More

Black Book Survey Says Healthcare IoT Security is Maturing Too Slowly

By: Ken Briodagh    5/14/2018

The industry is deluged with new applications, challenging systems, new devices and innovative approaches to handling and sharing data.

Read More

Verizon Announces ThingSpace Ready to Speed Time-to-Market

By: Ken Briodagh    5/14/2018

Partners include leading module makers Quectel, Sequans and u-blox, cellular design houses Bittium and Mobilogix and SIM provider G+D Mobile Security

Read More

Finnish Health Technology Company Secures investment for Medical Robots

By: Ken Briodagh    5/9/2018

According to a recent announcement, Highlight Health Investment Limited, a Chinese investment company, has invested 4.5 million euros into Finnish hea…

Read More