https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Strategy


Phishing Attack Results in 400000 HIPAA Breach Fine

Phishing Attack Results in $400,000 HIPAA Breach Fine

  • Written by Aldrin Brown
  • April 12, 2017
The payment by a Denver-based network of public health clinics marks the first settlement deal since shortly after the federal office responsible for HIPAA enforcement changed leadership in January.

A Denver, Colo.-area network of public health clinics paid a $400,000 HIPAA breach penalty after a phishing attack let a hacker gain access to employee email accounts and obtain electronic protected health information (ePHI) of 3,200 patients, federal authorities said today.    

Metro Community Provider Network (MCPN) – which provides primary medical care, pharmacies, social work, dental and behavioral care to roughly 43,000 mostly poor patients – reported the breach in January of 2012.

Investigators from the U.S. Department of Health and Human Services Office of Civil Rights (OCR) found that MCPN violated the HIPAA Security Rule by failing to do proper risk assessments or implement adequate cybersecurity measures and procedures.

“Specifically, MCPN has failed to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI held by MCPN,” OCR wrote in the official Resolution Agreement. “Further, MCPN has failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.”   

Investigators indicated the financial component of the settlement might have been higher but OCR considered the public benefit of the services provided by the nonprofit.

MCPN is a federally qualified health center (FQHC), which means it receives government reimbursement for treating people with incomes at or below the poverty line.

“With this settlement amount, OCR considered MCPN’s status as a FQHC when balancing the significance of the violation with MCPN’s ability to maintain sufficient financial standing to ensure the provision of ongoing patient care,” OCR said in a statement today.

MCPN must also adhere to a corrective action plan.

The payment marks the first agreement in nearly two months, following three settlements totaling $11.4 million during the first six weeks of 2017.

That pause coincided with the transition in presidential administration and prompted some observers to question whether new OCR Director Roger Severino would continue an enforcement crackdown that began under his predecessor Jocelyn Samuels.

“Patients seeking health care trust that their providers will safeguard and protect their health information,” Severino said in today’s OCR statement. “Compliance with the HIPAA Security Rule helps covered entities meet this important obligation to their patient communities.”

Compliance with the security and privacy rules of the Health Insurance Portability and Accountability Act has become increasingly important to IT services providers working in healthcare.

Though lucrative, the vertical also carries risks for managed service providers (MSPs), who are required to sign business associate agreements (BAAs) which expose them to liability in the event that ePHI is mishandled. 

The MCPN settlement brings to $11.8 million the amount of HIPAA breach payments collected by OCR thus far this year.

Last year, the agency collected a record $23.5 million, up from $6.2 million in all of 2015.

 

Send tips and news to [email protected].

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Strategy

Related


  • Cloud Certification
    Protegrity Partners Get New Program with Added Training, Certification
    Protegrity partners asked for access to more training.
  • Cloud Apps
    Getting Clients Ready for an 88% Increase in Cloud Adoption
    Cloud apps are a saving grace in retooling companies during the pandemic.
  • Blackjack Double Down
    SAP UK Reveals Plan to Double Channel Revenue in 3 Years
    SAP UK says partners are “our multiplier,” outlining a three-year transformation of the business.
  • Cybersecurity Roundup
    Law Firm Cyberattack Exposes Tens of Thousands of Patient Records
    Cybercriminals prefer to target entities like law firms because of the enterprise data they possess.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Palo Alto Networks Unveils Bridgecrew Acquisition, Prisma Access 2.0
  • How Remote Working Promotes Diversity and Inclusion in the Workplace
  • Tactical Threat Intelligence Has a Critical Place in a Layered Cybersecurity Strategy
  • Why Cloud Storage Protection Is a Top Opportunity for MSPs

Galleries

View all

Critical Threat Protection Steps MSSPs, Other Partners, Must Take Now

February 26, 2021

Industry Perspectives

View all

The “Roaring 20s” Are Coming

February 25, 2021

Three Ways MSPs Can Improve Supply Chain Security

February 24, 2021

SASE: The Key to Mitigating Business Transformation Risk

February 22, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 17, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

White Papers

View all

Ready To Add Cutting Edge IoT Solutions To Your Portfolio?

February 25, 2021

What Is The Value Of Distribution For The Internet Of Things?

February 25, 2021

The Internet of Things (IoT): Where do You Begin?

February 25, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

#Threatprotection is no small matter for #MSSPs. Find out what vendors say you have to do this year to protect your… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

Cloud strategies and cybersecurity are key, and #COVID19 will have more impact than #Brexit on U.K. channel, says… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

.@PaloAltoNtwks unveils latest NextWave #partnerprogram. #cybersecurity dlvr.it/RtVngg https://t.co/bBkobGzjgD

February 26, 2021
ChannelFutures

.@JuniperNetworks is building synergies between the solution sets it acquired last year. dlvr.it/RtVdVL https://t.co/d21FcnLEai

February 25, 2021
ChannelFutures

.@Arcserve and @StorageCraft to merge, expanding both #dataprotection vendors' market from #SMB to enterprise.… twitter.com/i/web/status/1…

February 25, 2021
ChannelFutures

The golden age of the #Channel is here. @ComcastBusiness #dataconnectivity #SDN #desktop #security #UCaaS #IoT… twitter.com/i/web/status/1…

February 25, 2021
ChannelFutures

.@OneLogin hires @pulsesecure, @Juniper Networks vet as VP of global channels. #cybersecurity dlvr.it/RtVThK

February 25, 2021
ChannelFutures

.@Fortinet loses another channel vet, this time to @DeepInstinctSec. #cybersecurity dlvr.it/RtVR1t https://t.co/XvY0UQDzQL

February 25, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X