iot health

IoT Evolution Health News

IoT Evolution Health Home

Cyber Insurer to Pay Millions in HIPAA Settlement

By Ken Briodagh
February 05, 2018

The Healthcare industry is dependent upon and dedicated to leveraging only the best in privacy and security controls, both to remain compliant to government regulation and to protect patients. IoT is, of course, also critically interested in deploying best-in-class security to protect the data that makes all its deployments mission-critical.

Now, the regulatory chickens are coming to roost as a result of a recently revealed breach of healthcare data. In early October 2015, 21st Century Oncology, the operator of about 145 radiation treatment centers across seventeen U.S. states, had about 2.2 million patients' records affected by illegal third party access of the Florida-based healthcare provider's database.

On March 4, 2016, the company released a statement disclosing the unauthorized access. In it, the company stated that 21st Century delayed notification of the breach because the FBI requested it, reportedly to prevent interference with the ongoing federal investigation.

Now, several lawsuits have been filed in which the people whose data was compromised alleged this was a violation of the Fair Credit Reporting Act and Florida Deceptive and Unfair Trade Practices Act. These plaintiffs further asserted that 21st Century failed to secure the HIPAA protected data with which the defendant had been entrusted, and that will make patients suffer a lifetime of vulnerability to tax fraud, medical fraud, or other forms of fraud as a result of identity theft. The data is said to have included patients' full names, their physicians' names, patients' Social Security numbers, diagnoses, insurance information, and treatment information.

After sixteen pending lawsuits were assigned to Judge Mary S. Scriven, on January 17, 2017, plaintiffs filed a consolidated class action complaint. On May 25, 2017, in the Southern District of New York, 21st Century Oncology Investments filed Chapter 11 Bankruptcy after reaching an agreement to restructure debt in such a way as to reduce it by more than $500 million.

The proposed class action against the defendant was stayed as a result of the bankruptcy proceeding and administratively closed, which halted litigation while defendants worked with the bankruptcy court to finalize financial liability to creditors, plaintiffs, and proposed class members.

On December 11, 2017, 21st Century agreed with The United States Department of Health and Human Services (HHS) to pay a $2.3 million fine to the department for the 2015 data breach affecting the 2.2 million patient records. In addition to the fine, 21st Century agreed to a plan of corrective action that included conducting risk analysis, the company appointing a compliance specialist, and the revision of its cybersecurity protocols as well as the development of breach reporting plans.

The HHS Office for Civil Rights has agreed to allow 21st Century's cyber insurer to pay the fine.


Ken Briodagh is a writer and editor with more than a decade of experience under his belt. He is in love with technology and if he had his druthers would beta test everything from shoe phones to flying cars.

Edited by Ken Briodagh

Editorial Director

SHARE THIS ARTICLE
Related Articles

Asimily Studies the Internet of Medical Things: How Adopting a Holistic, Risk-Based Approach is Key for HDOs

By: Alex Passett    8/23/2023

Internet of Medical Things company Asimily published a new report studying the effects of cyberwarfare on the modern healthcare industry.

Read More

GlobalPlatform Leads the Way in Automotive Security

By: Greg Tavarez    5/28/2023

GlobalPlatform launched a comprehensive initiative to address automotive security challenges and foster collaboration within the industry.

Read More

Validic Expands Healthcare IoT Platform with Integration of Smart Meter's Cellular-Enabled Health Devices

By: Stefania Viscusi    4/5/2023

Validic, a digital health company, announced it has integrated with Smart Meter, a connected health solution supplier, to expand its healthcare IoT pl…

Read More

CenTrak Announces Workflow Software for Improved Healthcare Solutions

By: Alex Passett    1/19/2023

End-to-end healthcare solutions provider CenTrak has introduced Workflow, its new software designed to remove manual burdens in clinical settings.

Read More

The Internet of Cannabis: How Sensor-Based Networks and Precision Horticulture are Going Next Level

By: Reece Loftus    12/19/2022

With its Grow as a Service offering, PharmCloud's has created Cannabis Industry 4.0, with IoT sensors placed throughout the growth process to enable m…

Read More