Cyber Insurer to Pay Millions in HIPAA Settlement

By Ken Briodagh
February 05, 2018

The healthcare industry is dependent upon and dedicated to leveraging only the best in privacy and security controls, both to remain compliant with government regulation and to protect patients. IoT is, of course, also critically interested in deploying best-in-class security to protect the data that makes all its deployments mission-critical.

Now, the regulatory chickens are coming home to roost as a result of a recently revealed breach of healthcare data. In early October 2015, the records of about 2.2 million patients were affected when a third party illegally accessed the database of 21st Century Oncology, a Florida-based healthcare provider that operates about 145 radiation treatment centers across seventeen U.S. states.

On March 4, 2016, the company released a statement disclosing the unauthorized access. In it, the company stated that 21st Century delayed notification of the breach because the FBI requested it, reportedly to prevent interference with the ongoing federal investigation.

Now, several lawsuits have been filed in which the people whose data was compromised alleged that this was a violation of the Fair Credit Reporting Act and the Florida Deceptive and Unfair Trade Practices Act. These plaintiffs further asserted that 21st Century failed to secure the HIPAA-protected data with which it had been entrusted, and that patients will suffer a lifetime of vulnerability to tax fraud, medical fraud, or other forms of fraud as a result of identity theft. The data is said to have included patients' full names, their physicians' names, patients' Social Security numbers, diagnoses, insurance information, and treatment information.

After sixteen pending lawsuits were assigned to Judge Mary S. Scriven, on January 17, 2017, plaintiffs filed a consolidated class action complaint. On May 25, 2017, in the Southern District of New York, 21st Century Oncology Investments filed Chapter 11 Bankruptcy after reaching an agreement to restructure debt in such a way as to reduce it by more than $500 million.

The proposed class action against the defendant was stayed as a result of the bankruptcy proceeding and administratively closed, which halted litigation while defendants worked with the bankruptcy court to finalize financial liability to creditors, plaintiffs, and proposed class members.

On December 11, 2017, 21st Century agreed with the United States Department of Health and Human Services (HHS) to pay a $2.3 million fine to the department for the 2015 data breach affecting the 2.2 million patient records. In addition to the fine, 21st Century agreed to a plan of corrective action that included conducting a risk analysis, appointing a compliance specialist, revising its cybersecurity protocols, and developing breach reporting plans.

The HHS Office for Civil Rights has agreed to allow 21st Century's cyber insurer to pay the fine.

Ken Briodagh is a writer and editor with more than a decade of experience under his belt. He is in love with technology and if he had his druthers would beta test everything from shoe phones to flying cars.

Edited by Ken Briodagh

Editorial Director
